Robert Watson 5e386598a6 Merge OpenBSM 1.2-alpha5 from vendor branch to FreeBSD -CURRENT:
- Add a new "qsize" parameter in audit_control and the getacqsize(3) API to
  query it, allowing to set the kernel's maximum audit queue length.
- Add support to push a mapping between audit event names and event numbers
  into the kernel (where supported) using new A_GETEVENT and A_SETEVENT
  auditon(2) operations.
- Add audit event identifiers for a number of new (and not-so-new) FreeBSD
  system calls including those for asynchronous I/O, thread management, SCTP,
  jails, multi-FIB support, and misc. POSIX interfaces such as
  posix_fallocate(2) and posix_fadvise(2).
- On operating systems supporting Capsicum, auditreduce(1) and praudit(1) now
  run sandboxed.
- Empty "flags" and "naflags" fields are now permitted in audit_control(5).

Many thanks to Christian Brueffer for producing the OpenBSM release and
importing/tagging it in the vendor branch.  This release will allow improved
auditing of a range of new FreeBSD functionality, as well as non-traditional
events (e.g., fine-grained I/O auditing) not required by the Orange Book or
Common Criteria.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, AFRL
MFC after:	3 weeks
2017-03-26 21:14:49 +00:00

46 lines
1.6 KiB
Plaintext

OpenBSM Build and Installation Instructions
OpenBSM is currently built using autoconf and automake, which should allow
for building on a range of operating systems, including FreeBSD, Mac OS X,
and Linux. Some components are built only if appropriate kernel audit
support is found. Typical builds will be performed using:
./configure
make
On Linux systems, OpenSSL headers may have to be installed to support
encryption of on-the-wire audit streams using auditdistd; the following
appears to work on Ubuntu:
sudo apt-get install libssl-dev
Similarly, Mac OS X systems will require OpenSSL support:
brew install openssl
Mac OS X systems will similarly require setting CFLAGS and LDFLAGS to notify
configure of the location of the OpenSSL headers and library:
CFLAGS=-I/usr/local/opt/openssl/include \
LDFLAGS=-L/usr/local/opt/openssl/lib \
configure
To install the library, binaries, and man pages, use:
make install
The OpenBSM install will not install files in /etc; these have to be
manually installed or merged. Currently, the locations of these files are
not configurable.
You may wish to specify that the OpenBSM components not be installed in the
base system, rather in a specific directory. This may be done using the
--prefix argument to configure. If installing to a specific directory,
remember to update your library path so that when running tools from that
directory the correct libbsm is used:
./configure --prefix=/home/rwatson/openbsm
make
make install
LD_LIBRARY_PATH=/home/rwatson/openbsm/libbsm ; export LD_LIBRARY_PATH