Date: Mon, 25 Aug 2008 22:46:44 GMT
From: Robert Watson <rwatson@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 148468 for review
Message-ID: <200808252246.m7PMkiTv020172@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=148468 Change 148468 by rwatson@rwatson_fledge on 2008/08/25 22:46:29 Update. Affected files ... .. //depot/projects/trustedbsd/www/audit.page#8 edit Differences ... ==== //depot/projects/trustedbsd/www/audit.page#8 (text+ko) ==== @@ -1,5 +1,5 @@ <!-- - Copyright 2005-2006 Robert N. M. Watson + Copyright 2005-2008 Robert N. M. Watson All rights reserved. Redistribution and use in source and binary forms, with or without 
@@ -25,51 +25,42 @@ --> <page role="audit"> - <title>Security Event Audit</title> + <title>Security Event Auditing</title> <cvs:keywords xmlns:cvs="http://www.FreeBSD.org/XML/CVS" version="1.0"> <cvs:keyword name="freebsd"> - $P4: //depot/projects/trustedbsd/www/audit.page#7 $ + $P4: //depot/projects/trustedbsd/www/audit.page#8 $ </cvs:keyword> </cvs:keywords> <section> - <title>TrustedBSD Security Event Audit</title> + <title>TrustedBSD Security Event Auditing</title> <html> - <p> - <span id="collection-label">Perforce:</span> - <span id="cvsup-collection">//depot/projects/trustedbsd/audit3/...</span> - </p> - <p> - <span id="collection-label">Collection:</span> - <span id="cvsup-collection">p4-cvs-trustedbsd-audit3</span> - </p> - <p>Event auditing permits the selective and fine-grained logging of - security-relevant system events for the purposes of post-mortem - analysis, intrusion detection, and run-time monitoring. - analysis. This includes the logging of authentication events, user - management events, and detailed logging of access control events, - including the ability to log system calls based on user and event - class.</p> + <p>Security event auditing permits the selective and fine-grained + logging of security-relevant system events for the purposes of + post-mortem analysis, intrusion detection, and run-time monitoring. + This includes the logging of authentication events, user management + events, and detailed logging of access control events, including the + ability to log system calls based on user and event class.</p> - <p>The trustedbsd_audit3 implementation is the third generation - security audit implementation implemented by the TrustedBSD Project, - and is derived from work performed by members of the TrustedBSD team - working at McAfee Research under contract to Apple Computer, Inc., - in support of the Mac OS X CAPP evaluation. 
The audit3 code base - includes a kernel audit event engine, auditing of system calls - across all native and emulated ABIs, modifications to several user - space components, including login-related programs such as login and - sshd, audit print and reduction tools, audit management daemon, - "audit pipes" for live application monitoring of system events, and - an audit support library.</p> + <p>The TrustedBSD audit implementation is present in FreeBSD 6.2 and + later, and there is continuing development work to expand its + feature set. The current implementation is derived from the Mac OS + X audit implementation created by McAfee Research under contract to + Apple Computer, Inc. in support of the Mac OS X CAPP evaluation. + The TrustedBSD implementation has been substantially enhanced to add + new features, such as audit pipes allowing applications to attach + directly and selectively to the live event stream.</p> - <p>As of FreeBSD 6.2-RELEASE, audit support is included in the base - FreeBSD distribution, and further development of the kernel - implementation will take place in the FreeBSD CVS repository rather - than Perforce.</p> + <p>The audit implementation includes a kernel audit event engine, + auditing of system calls across all native and emulated ABIs, + modifications to several user space components, including + login-related programs such as login and sshd, audit print and + reduction tools, audit management daemon, "audit pipes" for live + application monitoring of system events, and an audit support + library.</p> <p>The file format and API are based on Sun's published Basic Security Module (BSM), the de facto industry standard, and are provided via a
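Review bot: In the second hunk (@@ -25,51 +25,42 @@), the added second and third paragraphs both describe audit pipes: first as "audit pipes allowing applications to attach directly and selectively to the live event stream", then again in the component list as '"audit pipes" for live application monitoring of system events'. Keeping the fuller description in one place and dropping the other would remove the repetition. The same hunk deletes the Perforce and cvsup collection lines and the sentence saying kernel development moved to the FreeBSD CVS repository, while the replacement text says only that "there is continuing development work"; a reader of the page no longer learns where the audit source lives, so a one-line pointer to the current repository would be worth keeping. Minor style point in the added component list: "audit management daemon" reads better with an article ("an audit management daemon"), matching "a kernel audit event engine" and "an audit support library".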