Date: Mon, 2 Oct 2006 11:38:55 +0100 (BST)
From: Robert Watson
To: trustedbsd-audit@TrustedBSD.org
Cc: freebsd-security@FreeBSD.org
Subject: Audit handbook chapter review, call for general testing
Message-ID: <20061002113239.P1763@fledge.watson.org>

Dear All,

Over the past week or so, I have spent some time updating Tom Rhodes' excellent FreeBSD Handbook chapter on Audit for some of the more recent audit changes, such as new features in more recent OpenBSM versions. Since FreeBSD 6.2-BETA2 contains what is likely the final drop of the audit code (modulo any bug fixes) for 6.2-RELEASE, now would be a great time for people interested in Audit to read the handbook chapter and give Audit a try. And then, of course, send feedback to the TrustedBSD audit mailing list with all the bugs and problems you find :-).
This will give us time to shake out these bugs, further enhance the documentation, etc, before BETA3 in a week or so, and ideally chase out any remaining significant bugs over the next month before the release.

You can find the handbook chapter here:

    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html

The man pages installed as part of recent RELENG_6 and 6.2-BETA2 are also pretty complete, and include more detailed reference information. The audit(4) man page has a good set of cross-references to various commands (audit(8), auditd(8), praudit(8), auditreduce(8)), as well as the audit configuration files (audit_control(5), audit_user(5), etc).

Remember that audit support in 6.2-RELEASE will be considered experimental, and has a number of known limitations (such as not fully auditing all non-native FreeBSD system call interfaces, and not auditing all userland administrative events of interest), but it should be useful and usable enough to run on many production systems and contribute to system security.

Thanks,

Robert N M Watson
Computer Laboratory
University of Cambridge