Robert Watson
2006-Oct-02  03:38 UTC
Audit handbook chapter review, call for general testing
Dear All,

Over the past week or so, I have spent some time updating Tom Rhodes'
excellent FreeBSD Handbook chapter on Audit for some of the more recent audit
changes, such as new features in more recent OpenBSM versions.  Since FreeBSD
6.2-BETA2 contains what is likely the final drop of the audit code (modulo any
bug fixes) for 6.2-RELEASE, now would be a great time for people interested in
Audit to read the handbook chapter and give Audit a try.

And then, of course, send feedback to the TrustedBSD audit mailing list with
all the bugs and problems you find :-).  This will give us time to shake out
these bugs, further enhance the documentation, etc, before BETA3 in a week or
so, and ideally chase out any remaining significant bugs over the next month
before the release.

You can find the handbook chapter here:

     http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html

The man pages installed as part of recent RELENG_6 and 6.2-BETA2 are also
pretty complete, and include more detailed reference information.  The
audit(4) man page has a good set of cross-references to various commands
(audit(8), auditd(8), praudit(8), auditreduce(8)), as well as the audit
configuration files (audit_control(5), audit_user(5), etc).

Remember that audit support in 6.2-RELEASE will be considered experimental,
and has a number of known limitations (such as not fully auditing all
non-native FreeBSD system call interfaces, and not auditing all userland
administrative events of interest), but it should be useful and usable enough
to run on many production systems and contribute to system security.

Thanks,

Robert N M Watson
Computer Laboratory
University of Cambridge
