From: Robert Watson
To: Perforce Change Reviews
Date: Mon, 25 Aug 2008 22:46:44 GMT
Message-Id: <200808252246.m7PMkiTv020172@repoman.freebsd.org>
Subject: PERFORCE change 148468 for review

http://perforce.freebsd.org/chv.cgi?CH=148468

Change 148468 by rwatson@rwatson_fledge on 2008/08/25 22:46:29

Update.

Affected files ...

.. //depot/projects/trustedbsd/www/audit.page#8 edit

Differences ...

==== //depot/projects/trustedbsd/www/audit.page#8 (text+ko) ====
@@ -1,5 +1,5 @@ - Security Event Audit + Security Event Auditing - $P4: //depot/projects/trustedbsd/www/audit.page#7 $ + $P4: //depot/projects/trustedbsd/www/audit.page#8 $
- TrustedBSD Security Event Audit + TrustedBSD Security Event Auditing -

- Perforce: - //depot/projects/trustedbsd/audit3/... -

-

- Collection: - p4-cvs-trustedbsd-audit3 -

-
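Review bot: The two removed blocks above ("Perforce: //depot/projects/trustedbsd/audit3/..." and "Collection: p4-cvs-trustedbsd-audit3") were the page's only pointers to where the audit source lives, and the later removed paragraph stating that kernel development moves to the FreeBSD CVS repository has no replacement among the added lines either. Suggest adding one sentence to the new text that names the current source location, so a reader who wants to inspect or verify the audit code knows where to look. The change description ("Update.") also does not record that these references were dropped.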

Event auditing permits the selective and fine-grained logging of - security-relevant system events for the purposes of post-mortem - analysis, intrusion detection, and run-time monitoring. - analysis. This includes the logging of authentication events, user - management events, and detailed logging of access control events, - including the ability to log system calls based on user and event - class.

+

Security event auditing permits the selective and fine-grained + logging of security-relevant system events for the purposes of + post-mortem analysis, intrusion detection, and run-time monitoring. + This includes the logging of authentication events, user management + events, and detailed logging of access control events, including the + ability to log system calls based on user and event class.

-

The trustedbsd_audit3 implementation is the third generation - security audit implementation implemented by the TrustedBSD Project, - and is derived from work performed by members of the TrustedBSD team - working at McAfee Research under contract to Apple Computer, Inc., - in support of the Mac OS X CAPP evaluation. The audit3 code base - includes a kernel audit event engine, auditing of system calls - across all native and emulated ABIs, modifications to several user - space components, including login-related programs such as login and - sshd, audit print and reduction tools, audit management daemon, - "audit pipes" for live application monitoring of system events, and - an audit support library.

+

The TrustedBSD audit implementation is present in FreeBSD 6.2 and + later, and there is continuing development work to expand its + feature set. The current implementation is derived from the Mac OS + X audit implementation created by McAfee Research under contract to + Apple Computer, Inc. in support of the Mac OS X CAPP evaluation. + The TrustedBSD implementation has been substantially enhanced to add + new features, such as audit pipes allowing applications to attach + directly and selectively to the live event stream.

-

As of FreeBSD 6.2-RELEASE, audit support is included in the base - FreeBSD distribution, and further development of the kernel - implementation will take place in the FreeBSD CVS repository rather - than Perforce.

+

The audit implementation includes a kernel audit event engine, + auditing of system calls across all native and emulated ABIs, + modifications to several user space components, including + login-related programs such as login and sshd, audit print and + reduction tools, audit management daemon, "audit pipes" for live + application monitoring of system events, and an audit support + library.
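Review bot: Audit pipes are now described twice in the added text, once in the paragraph beginning "The TrustedBSD audit implementation is present in FreeBSD 6.2" (unquoted, "allowing applications to attach directly and selectively to the live event stream") and again in this component list (quoted, "for live application monitoring of system events"). Suggest describing the feature once and only naming it in the other place, with consistent quoting. In the same list, "audit management daemon" lacks the article that "a kernel audit event engine" and "an audit support library" carry; "an audit management daemon" would read evenly.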

The file format and API are based on Sun's published Basic Security Module (BSM), the de facto industry standard, and are provided via a