-
Notifications
You must be signed in to change notification settings - Fork 1
/
openbsm.page
584 lines (549 loc) · 24.6 KB
/
openbsm.page
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
<!--
Copyright (c) 2005-2012 Robert N. M. Watson
Copyright (c) 2008-2009 Apple, Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
-->
<page role="openbsm">
<title>OpenBSM</title>
<section>
<title>OpenBSM: Open Source Basic Security Module (BSM) Audit
Implementation</title>
<html>
<p>
<span id="collection-label">GitHub:</span>
<a href="https://github.com/openbsm/openbsm">https://github.com/openbsm/openbsm</a>
</p>
<p>OpenBSM is a portable, open source implementation of Sun's Basic
Security Module (BSM) security audit API and file format.
BSM, the de facto industry standard for audit, describes a set of
system call and library interfaces for managing audit records, as
well as a token stream file format that permits extensible and
generalized audit trail processing.
Records may describe both kernel events, such as system calls, as
well as application events, such as login, password changes,
etc.</p>
<p>OpenBSM extends the BSM API and file format in a number of ways to
support features present in the Mac OS X and FreeBSD operating
systems, such as Mach task interfaces, sendfile(), and Linux system
calls present in the FreeBSD Linux emulation layer, as well as
focusing on portability through an endian-independent version of the
trail format.</p>
<p>The OpenBSM distribution provides system include files, the libbsm
library, command-line tools such as praudit and auditreduce, sample
/etc configuration files, an audit daemon for use on systems with
kernel support, and an audit trail distribution daemon to allow
trails to be securely submitted by end hosts to a central audit trail
server (to appear in OpenBSM 1.2).
It is appropriate for use stand-alone in processing trails generated
by BSM-enabled systems, as well as for use as the foundation of OS
audit implementations requiring libraries, command-line tools,
etc.</p>
<p>OpenBSM is built and tested on several versions of FreeBSD, Mac OS
X, and Linux; some components, such as the audit daemon, require
kernel audit support (present in FreeBSD and Mac OS X, and in fact
derived from OpenBSM), but the basic library and audit trail tools
run on all three platforms regardless of OS kernel support.
Written in portable C and built using autoconf/automake, it is easy
to adapt OpenBSM for use on new platforms.</p>
</html>
</section>
<section>
<title>History and Vendors</title>
<html>
<p>OpenBSM is derived from the BSM audit implementation found in
Apple's open source Darwin operating system, generously released by
Apple under a BSD license.
The Darwin BSM implementation was created by McAfee Research under
contract to Apple Computer, and has since been maintained and
extended by the volunteer TrustedBSD team.
The FreeBSD Foundation sponsored the development of auditdistd, a
distributed audit trail daemon.</p>
<p>OpenBSM is the core user space component of the <a
href="audit.html">TrustedBSD Audit Implementation</a> for
FreeBSD, providing tools, libraries, and include files.
OpenBSM ships with FreeBSD 6.2 and later, with the first full
release of OpenBSM (1.0) in FreeBSD 6.3 and FreeBSD 7.0.</p>
<p><a href="bsmtrace.html">BSMtrace</a> is an independently
distributed BSM-based host intrusion detection system that relies
on OpenBSM audit trails.</p>
</html>
</section>
<section>
<title>Mailing List</title>
<html>
<p>Discussion of the TrustedBSD Audit implementation, as well as the
OpenBSM package, takes place on the <a
href="mailinglists.html">trustedbsd-audit mailing list</a>.</p>
</html>
</section>
<section>
<title>Releases</title>
<html>
<p>OpenBSM source code is available for download via occasional
snapshot and release tarballs, vendor integrated source code (such as
the FreeBSD source tree), and the <a href="https://github.com/openbsm/openbsm">
OpenBSM GitHub repository</a>.
The current release is OpenBSM 1.1p2, released on 2 August, 2009.
Please see the file README present in the OpenBSM distribution for
build and installation instructions.</p>
<table width="100%" border="0" cellspacing="2" cellpadding="6">
<tr>
<td valign="top" bgcolor="#eeeeee"><b>Version</b></td>
<td valign="top" bgcolor="#eeeeee"><b>Download</b></td>
<td valign="top" bgcolor="#eeeeee"><b>Size</b></td>
<td valign="top" bgcolor="#eeeeee"><b>Date</b></td>
<td valign="top" bgcolor="#eeeeee"><b>Description</b></td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.1p2</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.1-p2.tgz">openbsm-1.1-p2.tgz</a></td>
<td bgcolor="#eeeeee">560K</td>
<td bgcolor="#eeeeee">2009-08-02</td>
<td bgcolor="#eeeeee">
<p>OpenBSM 1.1p2 is a minor patch release of the OpenBSM code base.
There are no significant changes from OpenBSM 1.1p1, but there
are several bug fixes relating to /etc/security/audit_event
entries for the openat(2) system call, build fixes for Linux, and
the printing of class masks by the audump tool.</p>
</td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.1p1</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.1-p1.tgz">openbsm-1.1-p1.tgz</a></td>
<td bgcolor="#eeeeee">560K</td>
<td bgcolor="#eeeeee">2009-07-17</td>
<td bgcolor="#eeeeee">
<p>OpenBSM 1.1p1 is a minor patch release of the OpenBSM code base.
There are no significant changes from OpenBSM 1.1, but there are
a number of bug fixes in token parsing and generation, and
tolerance for whitespace variation in OpenBSM configuration
files is improved.</p>
</td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.1</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.1.tgz">openbsm-1.1.tgz</a></td>
<td bgcolor="#eeeeee">560K</td>
<td bgcolor="#eeeeee">2009-04-16</td>
<td bgcolor="#eeeeee">
<p>OpenBSM 1.1 is the second production release of the OpenBSM
code base. Major changes since OpenBSM 1.0 include:</p>
<ul>
<li>Trail files now include the host where the trail is
generated. Crash recovery has been improved. Trail
expiration based on size and date is now supported; by
default trail files will be expired after 10MB of trails.
The default individual trail limit is now 2MB.</li>
<li>Mac OS X Snow Leopard is now a fully supported platform;
launchd(8) can now be used to launchd auditd(8). Command
line tools and libraries are now supported on Mac OS X
Leopard.</li>
<li>Extended header tokens are now supported, allowing audit
trails to be tagged with a host identifier. IPv6 addresses
are now supported in subject tokens.</li>
<li>BSM token and record types have been further synchronized
to OpenSolaris; support for many new system calls has been
added. Local errors and socket types are mapped to and from
BSM values.</li>
</ul>
<p>Since the last test release, OpenBSM 1.1 beta 1, 32/64-bit
compatibility has been fixed for the auditon(2) system call.
A default "expire-after" of 10MB is now set in
audit_control(5). Local fcntl(2) arguments are now mapped to
wire BSM versions using new APIs. The audit_submit(3) man
page has been fixed. A new audit event class has been added
for post-login authentication and access control events.</p>
</td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.0</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.0.tgz">openbsm-1.0.tgz</a></td>
<td bgcolor="#eeeeee">496K</td>
<td bgcolor="#eeeeee">2007-10-28</td>
<td bgcolor="#eeeeee">
<p>OpenBSM 1.0 is the first production release of the OpenBSM
code base.
Since the last test release, OpenBSM 1.0 alpha 15, a bug
leading to a crash in auditreduce(8) has been resolved, and all
AU_ constants have been removed.
The versions of autoconf and automake used to build OpenBSM
have been updated.</p>
</td>
</tr>
</table>
</html>
</section>
<section>
<title>Current Development Snapshot</title>
<html>
<p>Development snapshots reflect work-in-progress snapshots of the
OpenBSM development branch on GitHub.
They are appropriate for use in production systems, but consumers of
these snapshots should be aware that APIs, file formats, and tools
are under active development, and may change at any time.
Please see the file README present in the OpenBSM distribution for
build and installation instructions.</p>
<table width="100%" border="0" cellspacing="2" cellpadding="6">
<tr>
<td valign="top" bgcolor="#eeeeee"><b>Version</b></td>
<td valign="top" bgcolor="#eeeeee"><b>Download</b></td>
<td valign="top" bgcolor="#eeeeee"><b>Size</b></td>
<td valign="top" bgcolor="#eeeeee"><b>Date</b></td>
<td valign="top" bgcolor="#eeeeee"><b>Description</b></td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.2 alpha5</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.2-alpha5.tgz">openbsm-1.2-alpha5.tgz</a></td>
<td bgcolor="#eeeeee">648K</td>
<td bgcolor="#eeeeee">2016-12-04</td>
<td bgcolor="#eeeeee">
<p>SHA256: 4c615e92c445bbdd345119708ba5c6a7385cc4f8e2ea90c661dfddaf7e17f81a</p>
<p>OpenBSM 1.2-alpha5 is the fifth test release of the OpenBSM 1.2
release stream.
In this revision several new features were added, among them: support for
setting the kernel's maximum audit queue length; the ability to push a
mapping between audit event names and event numbers into a kernel supporting
this feature; sandboxing support for auditreduce(1) and praudit(1) on systems
supporting Capsicum; and the ability to leave the flags and naflags parameters
empty. Additionally, event definitions for several FreeBSD subsystems were
added.</p>
</td>
</tr>
</table>
</html>
</section>
<section>
<title>Historical Development Snapshots</title>
<html>
<p>This is an archive of past OpenBSM test snapshots; use of these
versions is not recommended.
These snapshots are from the development of OpenBSM 1.1:</p>
<table width="100%" border="0" cellspacing="2" cellpadding="6">
<tr>
<td valign="top" bgcolor="#eeeeee"><b>Version</b></td>
<td valign="top" bgcolor="#eeeeee"><b>Download</b></td>
<td valign="top" bgcolor="#eeeeee"><b>Size</b></td>
<td valign="top" bgcolor="#eeeeee"><b>Date</b></td>
<td valign="top" bgcolor="#eeeeee"><b>Description</b></td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.2 alpha4</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.2-alpha4.tgz">openbsm-1.2-alpha4.tgz</a></td>
<td bgcolor="#eeeeee">683K</td>
<td bgcolor="#eeeeee">2015-11-02</td>
<td bgcolor="#eeeeee">
<p>SHA256: 35b0370d19a742a387f10aaae187a38abee536d8a7b57c0e9d997d3ceaf02429</p>
<p>OpenBSM 1.2-alpha4 is the fourth test release of the OpenBSM 1.2
release stream.
In this revision, a number of bugs have been fixed in auditdistd.
A bug in praudit has been fixes that caused it to emit invalid XML
output. Manpage links, broken since the switch to autotools, are
installed once again. Additionally, event definitions were updated,
and the documentation has been improved.</p>
</td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.2 alpha3</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.2-alpha3.tgz">openbsm-1.2-alpha3.tgz</a></td>
<td bgcolor="#eeeeee">736K</td>
<td bgcolor="#eeeeee">2012-12-15</td>
<td bgcolor="#eeeeee">
<p>In this revision, a number of (largely minor) refinements are
made to auditdistd; perhaps most importantly, header files and
build elements are cleaned up to support better integration into
the FreeBSD 10-CURRENT source tree.</p>
</td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.2 alpha2</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.2-alpha2.tgz">openbsm-1.2-alpha2.tgz</a></td>
<td bgcolor="#eeeeee">736K</td>
<td bgcolor="#eeeeee">2012-11-23</td>
<td bgcolor="#eeeeee">
<p>In this revision, OpenBSM grows a new daemon, auditdistd, which
provides secure audit trail distribution over the network.
Implemented by Pawel Jakub Dawidek and sponsored by the FreeBSD
Foundation, auditdistd provides a client to run on hosts
generating audit trails, and a server to run on a central secure
audit host. auditdistd uses TLS to encrypt trails on the wire,
and does it append-only, so that audit trails leading up to a
compromise on the client are tamper-proof on the client. This
feature is considered experimental.</p>
</td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.2 alpha1</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.2-alpha1.tgz">openbsm-1.2-alpha1.tgz</a></td>
<td bgcolor="#eeeeee">640K</td>
<td bgcolor="#eeeeee">2012-07-22</td>
<td bgcolor="#eeeeee">
<p>In this revision, OpenBSM grows support for Capsicum system calls
and events, has various fixes to address warnings from the Clang
static analyser, fixes trail expiration when the host parameter
is used, adds support for privilege tokens, fixes a directory
descriptor leak that arose in low disk space conditions, added
build support for more recent Linux versions, fixed bugs in XML
rendering of BSM, and improved the documentation.</p>
</td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.1 beta 1</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.1-beta1.tgz">openbsm-1.1-beta1.tgz</a></td>
<td bgcolor="#eeeeee">544K</td>
<td bgcolor="#eeeeee">2009-02-24</td>
<td bgcolor="#eeeeee">
<p>In this revision, OpenBSM's auditd(8) grows support for audit
trail expiration based on age and trail size, various defaults
in audit_control(5) are modernized (such as smaller percent
free default, and enabling execve(2) argument auditing by
default), socket types and domains are converted to BSM format
when written out, and bugs are fixed in IPC permission token
encoding.</p>
</td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.1 alpha 5</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.1-alpha5.tgz">openbsm-1.1-alpha5.tgz</a></td>
<td bgcolor="#eeeeee">544K</td>
<td bgcolor="#eeeeee">2009-01-11</td>
<td bgcolor="#eeeeee">
<p>In this revision, OpenBSM is modified to map local protocol
family constants and socket types to wire versions, as the
specific constant values vary by OS; a stub libauditd(3) man
page is added, errno constants are renamed, full error string
text is not compiled into kernels when OpenBSM code is used
there, warnings are fixed on many platforms, and the launchd
label for audit is changed on Mac OS X.</p>
</td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.1 alpha 4</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.1-alpha4.tgz">openbsm-1.1-alpha4.tgz</a></td>
<td bgcolor="#eeeeee">544K</td>
<td bgcolor="#eeeeee">2008-12-19</td>
<td bgcolor="#eeeeee">
<p>In this revision, most functional components of auditd(8) are
moved to a new libauditd(3), so that they can be shared by
auditd(8) on FreeBSD and launchd(8) on Mac OS X. In addition,
audit_submit(3) is taught to accept local errno values (as it
did before the additional of a BSM error number space), further
cleanup of the user audit event ID space is performed in order
to avoid collisions with other systems, au_strerror(3) is added
to allow printing of error numbers without converting to local
numbers (which may lose fidelity), and audit crash recovery is
improved as auditd now maintains a current trail link and
cleans up if it discovers auditd failed during the last
rotation. In Mac OS X, ASL(3) is used instead of syslog(3) for
system logging.</p>
</td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.1 alpha 3</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.1-alpha3.tgz">openbsm-1.1-alpha3.tgz</a></td>
<td bgcolor="#eeeeee">512K</td>
<td bgcolor="#eeeeee">2008-12-07</td>
<td bgcolor="#eeeeee">
<p>In this revision, OpenBSM maps between local and wire values
for the errno error space, bugs are fixed in the encoding of
execve arguments and environmental variables, support for the
portable AUT_SOCKET_EX token type is added, and the BSM header
version is bumped to give OpenBSM 1.1 its own file format
version due to non-trivial changes in tokens.</p>
</td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.1 alpha 2</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.1-alpha2.tgz">openbsm-1.1-alpha2.tgz</a></td>
<td bgcolor="#eeeeee">512K</td>
<td bgcolor="#eeeeee">2008-11-11</td>
<td bgcolor="#eeeeee">
<p>In this revision, BSM include files required by OS vendors for
use in kernels are broken out into a separate include
directory, a configure option is added to force use of native
rather than OpenBSM sys includes if desired, strlcpy() and
strlcat() are used in preference to less robust APIs,
compatibility defines for old Darwin event identifiers are
removed, support for exended header tokens (containing host
information) is added to the BSM library and auditd(8), and can
be set in audit_control(5).</p>
</td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.1 alpha 1</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.1-alpha1.tgz">openbsm-1.1-alpha1.tgz</a></td>
<td bgcolor="#eeeeee">496K</td>
<td bgcolor="#eeeeee">2008-07-31</td>
<td bgcolor="#eeeeee">
<p>In this revision, support for Mac OS X 10.5 is introduced,
including new events specific to Leopard, and support for the
Mach IPC audit trigger method.
auditreduce(1) grows an invert flag, and allows selecting of
more than one event.
A number of bugs are fixed, including in XML trail conversion,
BSM record writing, and audit_control file access.</p>
</td>
</tr>
</table>
<p>These snapshots are from the development of OpenBSM 1.0:</p>
<table width="100%" border="0" cellspacing="2" cellpadding="6">
<tr>
<td valign="top" bgcolor="#eeeeee"><b>Version</b></td>
<td valign="top" bgcolor="#eeeeee"><b>Download</b></td>
<td valign="top" bgcolor="#eeeeee"><b>Size</b></td>
<td valign="top" bgcolor="#eeeeee"><b>Date</b></td>
<td valign="top" bgcolor="#eeeeee"><b>Description</b></td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.0 alpha 15</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.0-alpha15.tgz">openbsm-1.0-alpha15.tgz</a></td>
<td bgcolor="#eeeeee">480K</td>
<td bgcolor="#eeeeee">2007-07-16</td>
<td bgcolor="#eeeeee">
<p>Bugs fixed in the handling of IPv6 addresses, auditreduce, and
additional audit event identifiers added for new system
calls.</p>
</td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.0 alpha 14</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.0-alpha14.tgz">openbsm-1.0-alpha14.tgz</a></td>
<td bgcolor="#eeeeee">480K</td>
<td bgcolor="#eeeeee">2007-04-16</td>
<td bgcolor="#eeeeee">
<p>Support for the zonename token type added, a variety of
endian-related bugs in IPv6 addresses fixed, OpenBSM becomes
warning clean for gcc1, and various man page updated.</p>
</td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.0 alpha 13</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.0-alpha13.tgz">openbsm-1.0-alpha13.tgz</a></td>
<td bgcolor="#eeeeee">480K</td>
<td bgcolor="#eeeeee">2006-11-25</td>
<td bgcolor="#eeeeee">
<p>Man page documentation substantially imrpved, XML printing
support added to praudit(8), and support for more 64-bit token
types.</p>
</td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.0 alpha 12</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.0-alpha12.tgz">openbsm-1.0-alpha12.tgz</a></td>
<td bgcolor="#eeeeee">480K</td>
<td bgcolor="#eeeeee">2006-09-24</td>
<td bgcolor="#eeeeee">
<p>audit_control(5) filesz configuration added in order to
support automated rotation of audit trails based on file size,
regular expression matching for paths added to auditreduce, an
audit_warn event is generated on rotation, and a number of
other bugs fixed and documentation improved.</p>
</td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.0 alpha 11</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.0-alpha11.tgz">openbsm-1.0-alpha11.tgz</a></td>
<td bgcolor="#eeeeee">480K</td>
<td bgcolor="#eeeeee">2006-09-20</td>
<td bgcolor="#eeeeee">
<p>audit_control(5) control of audit policy is introduced, and
and significant number of bugs relating to execve(2) argument
auditing and trail rotation are fixed.</p>
</td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.0 alpha 10</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.0-alpha10.tgz">openbsm-1.0-alpha10.tgz</a></td>
<td bgcolor="#eeeeee">464K</td>
<td bgcolor="#eeeeee">2006-09-02</td>
<td bgcolor="#eeeeee">
<p>auditd(8) now submits complete audit records, including full
return information, as part of its operation.</p>
</td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.0 alpha 9</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.0-alpha9.tgz">openbsm-1.0-alpha9.tgz</a></td>
<td bgcolor="#eeeeee">464K</td>
<td bgcolor="#eeeeee">2006-08-26</td>
<td bgcolor="#eeeeee">
<p>Many BSM_/bsm_ constants are renamed to AUDIT_/audit_, the
audit filter module API has been refined, and a number of bugs
have been fixed..</p>
</td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.0 alpha 8</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.0-alpha8.tgz">openbsm-1.0-alpha8.tgz</a></td>
<td bgcolor="#eeeeee">464K</td>
<td bgcolor="#eeeeee">2006-08-16</td>
<td bgcolor="#eeeeee">
<p>Non-Solaris audit events have been renumbered to avoid future
collisions, and a unique OpenBSM header token version number
has been adopted.
A variety of other bugs have been fixed, and cleanups made.</p>
</td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.0 alpha 7</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.0-alpha7.tgz">openbsm-1.0-alpha7.tgz</a></td>
<td bgcolor="#eeeeee">464K</td>
<td bgcolor="#eeeeee">2006-06-27</td>
<td bgcolor="#eeeeee">
<p>Improvements in the creation of subject tokens and in code
portability.</p>
</td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.0 alpha 6</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.0-alpha6.tgz">openbsm-1.0-alpha6.tgz</a></td>
<td bgcolor="#eeeeee">464K</td>
<td bgcolor="#eeeeee">2006-06-02</td>
<td bgcolor="#eeeeee">
<p>An experimental audit filter API is introduced, APIs for
application-submitted audit records are improved, and bugs are
fixed.</p>
</td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.0 alpha 5</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.0-alpha5.tgz">openbsm-1.0-alpha5.tgz</a></td>
<td bgcolor="#eeeeee">432K</td>
<td bgcolor="#eeeeee">2006-03-04</td>
<td bgcolor="#eeeeee">
<p>OpenBSM now uses autoconf/automake, allowing it to build on
Mac OS X and Linux.</p>
</td>
</tr>
<tr>
<td bgcolor="#eeeeee">1.0 alpha 4</td>
<td bgcolor="#eeeeee"><a href="downloads/openbsm-1.0-alpha4.tgz">openbsm-1.0-alpha4.tgz</a></td>
<td bgcolor="#eeeeee">86K</td>
<td bgcolor="#eeeeee">2006-02-23</td>
<td bgcolor="#eeeeee">
<p>This is the first version of OpenBSM and incorporates the
OpenBSM code as present on FreeBSD CVS at this date.</p>
</td>
</tr>
</table>
</html>
</section>
</page>