Date: Mon, 25 Aug 2008 22:46:44 GMT
From: Robert Watson <rwatson@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 148468 for review
Message-ID: <200808252246.m7PMkiTv020172@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=148468 Change 148468 by rwatson@rwatson_fledge on 2008/08/25 22:46:29 Update. Affected files ... .. //depot/projects/trustedbsd/www/audit.page#8 edit Differences ... ==== //depot/projects/trustedbsd/www/audit.page#8 (text+ko) ==== @@ -1,5 +1,5 @@ <!-- - Copyright 2005-2006 Robert N. M. Watson + Copyright 2005-2008 Robert N. M. Watson All rights reserved. Redistribution and use in source and binary forms, with or without 
@@ -25,51 +25,42 @@ --> <page role="audit"> - <title>Security Event Audit</title> + <title>Security Event Auditing</title> <cvs:keywords xmlns:cvs="http://www.FreeBSD.org/XML/CVS" version="1.0"> <cvs:keyword name="freebsd"> - $P4: //depot/projects/trustedbsd/www/audit.page#7 $ + $P4: //depot/projects/trustedbsd/www/audit.page#8 $ </cvs:keyword> </cvs:keywords> <section> - <title>TrustedBSD Security Event Audit</title> + <title>TrustedBSD Security Event Auditing</title> <html> - <p> - <span id="collection-label">Perforce:</span> - <span id="cvsup-collection">//depot/projects/trustedbsd/audit3/...</span> - </p> - <p> - <span id="collection-label">Collection:</span> - <span id="cvsup-collection">p4-cvs-trustedbsd-audit3</span> - </p> - <p>Event auditing permits the selective and fine-grained logging of - security-relevant system events for the purposes of post-mortem - analysis, intrusion detection, and run-time monitoring. - analysis. This includes the logging of authentication events, user - management events, and detailed logging of access control events, - including the ability to log system calls based on user and event - class.</p> + <p>Security event auditing permits the selective and fine-grained + logging of security-relevant system events for the purposes of + post-mortem analysis, intrusion detection, and run-time monitoring. + This includes the logging of authentication events, user management + events, and detailed logging of access control events, including the + ability to log system calls based on user and event class.</p> - <p>The trustedbsd_audit3 implementation is the third generation - security audit implementation implemented by the TrustedBSD Project, - and is derived from work performed by members of the TrustedBSD team - working at McAfee Research under contract to Apple Computer, Inc., - in support of the Mac OS X CAPP evaluation. 
The audit3 code base - includes a kernel audit event engine, auditing of system calls - across all native and emulated ABIs, modifications to several user - space components, including login-related programs such as login and - sshd, audit print and reduction tools, audit management daemon, - "audit pipes" for live application monitoring of system events, and - an audit support library.</p> + <p>The TrustedBSD audit implementation is present in FreeBSD 6.2 and + later, and there is continuing development work to expand its + feature set. The current implementation is derived from the Mac OS + X audit implementation created by McAfee Research under contract to + Apple Computer, Inc. in support of the Mac OS X CAPP evaluation. + The TrustedBSD implementation has been substantially enhanced to add + new features, such as audit pipes allowing applications to attach + directly and selectively to the live event stream.</p> - <p>As of FreeBSD 6.2-RELEASE, audit support is included in the base - FreeBSD distribution, and further development of the kernel - implementation will take place in the FreeBSD CVS repository rather - than Perforce.</p> + <p>The audit implementation includes a kernel audit event engine, + auditing of system calls across all native and emulated ABIs, + modifications to several user space components, including + login-related programs such as login and sshd, audit print and + reduction tools, audit management daemon, "audit pipes" for live + application monitoring of system events, and an audit support + library.</p> <p>The file format and API are based on Sun's published Basic Security Module (BSM), the de facto industry standard, and are provided via ahelp
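Review bot: in the second hunk (@@ -25,51 +25,42 @@), audit pipes are now described twice. The new second paragraph introduces "audit pipes allowing applications to attach directly and selectively to the live event stream", and the third paragraph's feature list repeats '"audit pipes" for live application monitoring of system events'. Keep the description in one place and let the other refer to it. The same hunk deletes the Perforce and Collection lines and the sentence saying further kernel development takes place in the FreeBSD CVS repository, with nothing replacing them, so the page no longer tells a reader where the audit source lives; a short pointer to the current location would close that gap. In the feature list, "audit management daemon" is still missing its article ("an audit management daemon"). The change description "Update." records none of this; a line noting the rename to "Security Event Auditing", the FreeBSD 6.2 statement and the removed repository pointers would make the change reviewable from the log alone.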
