OpenBSM: Open Source Basic Security Module (BSM) Audit Implementation

Perforce: //depot/projects/trustedbsd/openbsm/...
cvsup: p4-cvs-trustedbsd-openbsm

OpenBSM is a portable, open source implementation of Sun's Basic Security Module (BSM) Audit API and file format. BSM, the de facto industry standard for Audit, describes a set of system call and library interfaces for managing audit records, as well as a token stream file format that permits extensible and generalized audit trail processing. OpenBSM extends the BSM API and file format in a number of ways to support features present in the Mac OS X and FreeBSD operating systems, such as Mach task interfaces, sendfile(), and Linux system calls present in the FreeBSD Linux emulation layer.

OpenBSM is known to build on FreeBSD, Mac OS X, and Linux; some components, such as the audit daemon, require up-to-date kernel audit parts from the FreeBSD kernel audit implementation, but the basic library and audit trail tools run on all three platforms.

The OpenBSM distribution includes: system include files appropriate for inclusion in an operating system implementation of Audit; libbsm, an implementation of the BSM library interfaces for generating, parsing, and managing audit records; auditreduce and praudit, audit reduction and printing tools; API documentation; and sample /etc configuration files. Works in progress include extensions to the libbsm API to support easier audit trail analysis, including a pattern matching library.

History and Vendors

OpenBSM is derived from the BSM audit implementation found in Apple's open source Darwin operating system, generously released by Apple under a BSD license. The Darwin BSM implementation was created by McAfee Research under contract to Apple Computer, and has since been extended by the volunteer TrustedBSD team. OpenBSM is the core user space component of the TrustedBSD Audit Implementation for FreeBSD, providing tools, libraries, and include files.
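The token stream format described in the overview above is what praudit and auditreduce walk when they process a trail. The following is an added example (not OpenBSM's own code) that builds a minimal record from header32, text, return32 and trailer tokens, then parses it back and splits a trail on the header byte counts; the header version byte 11 and the event number are assumptions for the constructed sample, not values taken from this page.

```python
import struct
# BSM token ids and trailer magic as used in the OpenBSM token stream format.
AUT_TRAILER, AUT_HEADER32, AUT_RETURN32, AUT_TEXT = 0x13, 0x14, 0x27, 0x28
TRAILER_MAGIC = 0xB105
def build_record(event, text, err, retval, secs=1193529600, msec=0):
    """Assemble one record: header32, text, return32, trailer (big-endian)."""
    body = struct.pack(">BH", AUT_TEXT, len(text) + 1) + text.encode() + b"\0"
    body += struct.pack(">BBI", AUT_RETURN32, err, retval)
    total = 18 + len(body) + 7            # header32 is 18 bytes, trailer is 7
    hdr = struct.pack(">BIBHHII", AUT_HEADER32, total, 11, event, 0, secs, msec)  # version 11 assumed
    return hdr + body + struct.pack(">BHI", AUT_TRAILER, TRAILER_MAGIC, total)

def parse_record(buf):
    """Walk the tokens of one record; raise ValueError if the stream is malformed."""
    tokens, off = [], 0
    while off < len(buf):
        tid = buf[off]
        if tid == AUT_HEADER32:
            size, ver, ev, _mod, secs, msec = struct.unpack_from(">IBHHII", buf, off + 1)
            if size != len(buf):
                raise ValueError("header count %d != record length %d" % (size, len(buf)))
            tokens.append(("header32", {"version": ver, "event": ev, "secs": secs, "msec": msec}))
            off += 18
        elif tid == AUT_TEXT:
            (n,) = struct.unpack_from(">H", buf, off + 1)
            tokens.append(("text", buf[off + 3:off + 3 + n].rstrip(b"\0").decode()))
            off += 3 + n
        elif tid == AUT_RETURN32:
            err, ret = struct.unpack_from(">BI", buf, off + 1)
            tokens.append(("return32", {"errno": err, "retval": ret}))
            off += 6
        elif tid == AUT_TRAILER:
            magic, count = struct.unpack_from(">HI", buf, off + 1)
            if magic != TRAILER_MAGIC or count != len(buf):
                raise ValueError("bad trailer at offset %d" % off)
            tokens.append(("trailer", count))
            off += 7
        else:
            raise ValueError("unknown token id 0x%02x at offset %d" % (tid, off))
    return tokens

def iter_records(trail):
    """Split a trail file (concatenated records) on each header's byte count."""
    off = 0
    while off < len(trail):
        if trail[off] != AUT_HEADER32:
            raise ValueError("offset %d does not start a header32 token" % off)
        (size,) = struct.unpack_from(">I", trail, off + 1)
        yield trail[off:off + size]
        off += size
```

A truncated or spliced record fails the header or trailer byte-count check rather than being silently accepted, which is the property a trail reducer relies on when a file was cut mid-write.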
OpenBSM ships with FreeBSD 6.2 and later, with the first full release of OpenBSM (1.0) in FreeBSD 6.3 and FreeBSD 7.0. BSMtrace is a BSM-based host intrusion detection system that relies on OpenBSM audit trails.

Mailing List

Discussion of the TrustedBSD Audit implementation, as well as the OpenBSM package, takes place on the trustedbsd-audit mailing list.

Releases

OpenBSM source code is available for download via occasional snapshot and release tarballs, vendor integrated source code (such as the FreeBSD source tree), cvsup, and the TrustedBSD Perforce repository. The current release is OpenBSM 1.0, released on 28 October 2007. Please see the file README present in the OpenBSM distribution for build and installation instructions.

2007-10-28 - OpenBSM 1.0 is a production release of the OpenBSM code base. Since the last test release, OpenBSM 1.0 alpha 15, a bug resulting in a crash in auditreduce(8) is resolved, and now-unneeded AU_ constants are removed. The versions of autoconf and automake used to build OpenBSM have been upgraded. FreeBSD 7.0 will ship with this version of OpenBSM. Download (496K).

Development Snapshots

Development snapshots reflect work-in-progress snapshots of the OpenBSM development branch in Perforce. They are appropriate for use in production systems, but consumers of these snapshots should be aware that APIs, file formats, and tools are under active development, and may change at any time. Please see the file README present in the OpenBSM distribution for build and installation instructions.

2007-07-16 - The OpenBSM 1.0 alpha 15 snapshot is a test release of the OpenBSM code base. In this revision, bugs are fixed in the handling of IPv6 addresses and in auditreduce, and additional audit event identifiers are added for new system calls. Download (480K).

2007-04-16 - The OpenBSM 1.0 alpha 14 snapshot is a test release of the OpenBSM code base. In this revision, support for the zonename token type is added, a variety of endian-related bugs in IPv6 addresses are fixed, OpenBSM becomes warning clean for gcc1, and various man page updates are made. Download (480K).

2006-11-25 - The OpenBSM 1.0 alpha 13 snapshot is a test release of the OpenBSM code base. In this revision, man page documentation is substantially improved, XML printing support has been added to praudit(8), and there is support for additional 64-bit token types. Download (480K).

2006-09-24 - The OpenBSM 1.0 alpha 12 snapshot is a test release of the OpenBSM code base, and matches what is present in FreeBSD CVS at this date. In this revision, an audit_control(5) filesz configuration parameter is added in order to support automated rotation of audit trails based on file size, regular expression matching for paths is added to auditreduce, an audit_warn event is generated on rotation, and a number of other bug fixes and documentation improvements are present. Download (480K).

2006-09-20 - The OpenBSM 1.0 alpha 11 snapshot is a test release of the OpenBSM code base, and matches what is present in FreeBSD CVS at this date. In this revision, audit_control(5) control of audit policy is introduced, as well as a significant number of bug fixes relating to execve(2) argument auditing and log rotation. Download (480K).

2006-09-02 - The OpenBSM 1.0 alpha 10 snapshot is a test release of the OpenBSM code base, and matches what is present in FreeBSD CVS at this date. In this revision, auditd has been modified to submit complete audit records, including full return information, as part of its operation, as required by upcoming changes to the FreeBSD audit3 implementation. Download (464K).

2006-08-26 - The OpenBSM 1.0 alpha 9 snapshot is a test release of the OpenBSM code base, and matches what is present in FreeBSD CVS at this date. In this revision, the primary changes are a renaming of many OpenBSM BSM_/bsm_ constants to AUDIT_/audit_ constants, and refinement of the audit filter module API. There are also a number of bug fixes, cleanups, etc. Download (464K).

2006-08-16 - The OpenBSM 1.0 alpha 8 snapshot is a test release of the OpenBSM code base, and matches what is present in FreeBSD CVS at this date. In this revision, the primary change is to renumber non-Solaris audit events in order to avoid possible future collisions, and to adopt a unique OpenBSM header token version number. There are also a number of bug fixes, cleanups, etc. Download (464K).

2006-06-27 - The OpenBSM 1.0 alpha 7 snapshot is a test release of the OpenBSM code base, and matches what is present in FreeBSD CVS at this date. In this revision, the primary changes involve improvements in the creation of subject tokens, and portability improvements. Download (464K).

2006-06-02 - The OpenBSM 1.0 alpha 6 snapshot is a test release of the OpenBSM code base, and matches what is present in FreeBSD CVS at this date. In this revision, the primary changes are the introduction of an experimental audit filter environment, improved APIs for submitting audit records from applications, and general bug fixing. Download (464K).

2006-03-04 - The OpenBSM 1.0 alpha 5 snapshot is a test release of the OpenBSM code base, and matches what is present in FreeBSD CVS at this date. The primary change from alpha 4 is the introduction of autoconf/automake support, which allows it to build on Darwin and Linux. Download (432K).

2006-02-23 - The OpenBSM 1.0 alpha 4 snapshot is an initial test release of the OpenBSM code base, and matches what is present in FreeBSD CVS at this date. Download (86K).