Date:      Wed, 20 Sep 2006 17:00:51 +0100 (BST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        trustedbsd-audit@TrustedBSD.org
Subject:   OpenBSM 1.0 alpha 11 released
Message-ID:  <20060920165423.C37863@fledge.watson.org>

OpenBSM 1.0 alpha 11 is now up on the web site, and is the first release after 
incorporation into the FreeBSD 6-STABLE tree.  It incorporates a number of bug 
fixes and enhancements resulting from use by 6-STABLE users.  The download can 
be found at:

     http://www.TrustedBSD.org/openbsm.html

Change notes from OpenBSM 1.0 alpha 10 below.  I'll be incorporating this drop 
into FreeBSD 7-CURRENT today, and 6-STABLE a few days later for inclusion in 
6.2-BETA2.

Robert N M Watson
Computer Laboratory
University of Cambridge

OpenBSM 1.0 alpha 11

- Reclassify certain read/write operations as having no class rather than the
   fr/fw class; our default classes audit intent (open) not operations (read,
   write).
- Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads
   and writes of sysctls as separate events.  Add additional kernel
   environment and jail events for FreeBSD.
- Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER
   (issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued
   by the kernel audit implementation) so that they can be distinguished.
- Disable rate limiting of rotate requests; as the kernel doesn't retransmit
   a dropped request, the log file will otherwise grow indefinitely if the
   trigger is dropped.
- Improve auditd debugging output.
- Fix a number of threading related bugs in audit_control file reading
   routines.
- Add APIs au_poltostr() and au_strtopol() to convert between text
   representations of audit_control policy flags and the flags passed to
   auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY).
- Add API getacpol() to return the 'policy:' entry from audit_control, an
   extension to the Solaris file format to allow specification of policy
   persistent flags.
- Update audump to print the audit_control policy field.
- Update auditd to read the audit_control policy field and set the kernel
   policy to match it when configuring/reconfiguring.  Remove the -s and -h
   arguments as these policies are now set via the configuration file.  If a
   policy line is not found in the configuration file, continue with the
   current default of setting AUDIT_CNT.
- Fix bugs in the parsing of large execve(2) arguments and environmental
   variable tokens; increase maximum parsed argument and variable count.
- configure now detects strlcat(), used by policy-related functions.
- Reference token and record sample files added to test tree.
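As an added illustration of the policy handling described in the au_poltostr()/au_strtopol(), getacpol() and auditd items above, and not code from OpenBSM itself: a small C parser that maps an audit_control 'policy:' line to auditon(A_SETPOLICY) flag bits and falls back to AUDIT_CNT when the line is missing, rejecting unknown names rather than silently dropping them. The four flag names and values are taken from bsm/audit.h; the sample audit_control text is constructed, and the function names strtopol() and policy_from_control() are this example's own.

```c
/* Added example, not OpenBSM's own au_strtopol()/getacpol(): parse the 'policy:'
 * line of audit_control into auditon(A_SETPOLICY) flag bits. Flag values follow
 * bsm/audit.h; the sample configuration text below is constructed. */
#include <string.h>

#define AUDIT_CNT  0x0001   /* keep running if the trail cannot be written */
#define AUDIT_AHLT 0x0002   /* halt the system on audit failure */
#define AUDIT_ARGV 0x0004   /* record execve(2) argument vectors */
#define AUDIT_ARGE 0x0008   /* record execve(2) environment variables */

static const struct { const char *name; int flag; } poltab[] = {
    { "cnt", AUDIT_CNT }, { "ahlt", AUDIT_AHLT },
    { "argv", AUDIT_ARGV }, { "arge", AUDIT_ARGE },
};
#define NPOL (sizeof(poltab) / sizeof(poltab[0]))

/* Constructed sample audit_control contents, not taken from any real system. */
static const char sample_audit_control[] = "dir:/var/audit\nflags:lo\npolicy:cnt,argv\nminfree:20\n";

/* "cnt,argv" -> AUDIT_CNT|AUDIT_ARGV; stops at end of string or line; -1 on an unknown or empty name. */
int strtopol(const char *polstr)
{
    int flags = 0;
    size_t i, n;
    while (*polstr != '\0' && *polstr != '\n') {
        n = strcspn(polstr, ",\n");             /* length of the next policy name */
        for (i = 0; i < NPOL; i++)
            if (strlen(poltab[i].name) == n && strncmp(polstr, poltab[i].name, n) == 0)
                break;
        if (i == NPOL)
            return -1;                          /* typo in the file: reject the whole line */
        flags |= poltab[i].flag;
        polstr += n + (polstr[n] == ',');       /* skip the name and a following comma */
    }
    return flags;
}

/* Find the 'policy:' line in audit_control text; no such line means the AUDIT_CNT default. */
int policy_from_control(const char *conf)
{
    const char *p = conf;
    while (p != NULL && *p != '\0') {
        if (strncmp(p, "policy:", 7) == 0)      /* keys are matched at line start only */
            return strtopol(p + 7);
        p = strchr(p, '\n');
        if (p != NULL)
            p++;
    }
    return AUDIT_CNT;
}
```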
