0776eb3d4e
OpenBSM history for imported revision below for reference.

MFC after:	2 weeks
Sponsored by:	Apple, Inc.
Obtained from:	TrustedBSD Project

OpenBSM 1.1

- Change auditon(2) parameters and data structures to be 32/64-bit
  architecture independent. Add more information to man page about
  auditon(2) parameters.
- Add wrapper functions for auditon(2) to use legacy commands when the new
  commands are not supported.
- Add default for 'expire-after' in audit_control to expire trail files when
  the audit directory is more than 10 megabytes ('10M').
- Interface to convert between local and BSM fcntl(2) command values has
  been added: au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with
  definitions of constants in audit_fcntl.h.
- A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens
  generated by audit_submit(3) were improperly encoded has been fixed.
- Fix example in audit_submit(3) man page. Also, make it clear that we want
  the audit ID as the argument.
- A new audit event class 'aa', for post-login authentication and
  authorization events, has been added.
68 lines
2.6 KiB
Plaintext
OpenBSM 1.1

Introduction

OpenBSM is an open source implementation of Sun's BSM event auditing file
format and API. Originally created for Apple Computer by McAfee Research,
OpenBSM is now maintained by volunteers and through the generous contribution
of several organizations.

OpenBSM includes several command line tools, including auditreduce(8) and
praudit(8) for reducing and printing audit trails, as well as the libbsm(3)
library to manage configuration files, generate audit records, and parse and
print audit trails.

Coupled with a kernel audit implementation, OpenBSM can be used to maintain
system audit streams, and is a foundation for a full audit-enabled system.
Portions of OpenBSM, including include files and token-building routines, are
reusable in a kernel audit implementation, and may be found in the FreeBSD
and Mac OS X kernels.

Contents

OpenBSM consists of several directories:

bin/          Audit-related command line tools
bsm/          Library include files for BSM
compat/       Compatibility code to build on various operating systems
etc/          Sample /etc/security configuration files
libauditd     Common audit management functions for auditd and launchd
libbsm/       Implementation of BSM library interfaces and man pages
man/          System call and configuration file man pages
modules/      Directory for auditfilterd module source
sys/          System include files for BSM
test/         Test token sets and generation program
tools/        Tool directory, including audump to dump databases

The following programs are included with OpenBSM:

audit         Command line audit control tool
auditd        Audit management daemon
auditfilterd  Experimental event monitoring framework
auditreduce   Audit trail reduction tool
audump        Debugging tool to parse and print audit databases
praudit       Tool to print audit trails

Build and Installation

Please see the file INSTALL for build and installation instructions.

Contributions

The TrustedBSD Project would appreciate the contribution of bug fixes,
enhancements, etc., under identical or substantially similar licenses to
those present on the remainder of the OpenBSM source code. Please see the
file CREDITS to learn more about who has contributed to the project.

Location

Information on OpenBSM may be found on the OpenBSM home page:

http://www.OpenBSM.org/

Information on TrustedBSD may be found on the TrustedBSD home page:

http://www.TrustedBSD.org/

$P4: //depot/projects/trustedbsd/openbsm/README#36 $