From owner-trustedbsd-audit@FreeBSD.ORG Mon Sep 25 09:43:12 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A0C9916A403 for ; Mon, 25 Sep 2006 09:43:12 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9E2C643D72 for ; Mon, 25 Sep 2006 09:43:07 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id DCEDD46CB9 for ; Mon, 25 Sep 2006 05:43:06 -0400 (EDT) Date: Mon, 25 Sep 2006 10:43:06 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: trustedbsd-audit@TrustedBSD.org Message-ID: <20060925104148.U42437@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Subject: OpenBSM 1.0 alpha 12 released X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Sep 2006 09:43:12 -0000 OpenBSM 1.0 alpha 12 is now up the web site, and will be the second release after incorporated into the FreeBSD 6-STABLE tree. It incorporates a number of bug fixes and enhancements resulting from use by 6-STABLE users. The download can be found at: http://www.TrustedBSD.org/openbsm.html Change notes from OpenBSM 1.0 alpha 11 below. I'll be incorporating this drop into FreeBSD 7-CURRENT today, and 6-STABLE a few days later for inclusion in 6.2-BETA2 (skipping alpha 11, since this supercedes it). Robert N M Watson Computer Laboratory University of Cambridge OpenBSM 1.0 alpha 12 - Correct bug in auditreduce which prevented the -c option from working correctly when the user specifies to process successful or failed events. The problem stemmed from not having access to the return token at the time the initial preselection occurred, but now a second preselection process occurs while processing the return token. - getacfilesz(3) API added to read new audit_control(5) filesz setting, which auditd(8) now sets the kernel audit trail rotation size to. - auditreduce(1) now uses stdin if no file names are specified on the command line; this was the documented behavior previously, but it was not implemented. Be more specific in auditreduce(1)'s examples section about what might be done with the output of auditreduce. - Add audit_warn(5) closefile event so that administrators can hook termination of an audit trail file. For example, this might be used to compress the trail file after it is closed. - auditreduce(1) now uses regular expressions for pathname matching. Users can now supply one or more (comma delimited) regular expressions for searching the pathnames. If one of the regular expressions is prefixed with a tilde (~), and a path matches, it will be excluded from the search results.