search for: openbsm

FYI for those working with audit and intrusion detection on FreeBSD. Robert N M Watson ---------- Forwarded message ---------- Date: Mon, 5 Jun 2006 17:01:04 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: current@FreeBSD.org Cc: trustedbsd-audit@TrustedBSD.org Subject: Heads up: OpenBSM 1.0a6, per-auditpipe preselection imported to CVS This is a heads up to current@ users regarding two moderate sized sets of changes that entered FreeBSD CVS today: (1) I imported OpenBSM 1.0 alpha 6. (2) I imported support for per-auditpipe preselection. Detailed commit messages are below. Ro...

Hello I have some issues with OpenBSM which i cannot resolve, so i decided to ask there. 1) I found some bugs in the auditreduce utility and created patch for it - http://www.freebsd.org/cgi/query-pr.cgi?pr=114534. Please, someone from freebsd team - take it, i think its better to fix this before next release. 2) I found that when...

I think I've found a bug with sshd handling audit events for commands (like scp) over ssh1 connections. Specifically, after updating to a recent FreeBSD 6.x with audit support, I'm getting log messages like these when using scp over ssh1: Sep 12 14:13:16 <auth.info> bm55 sshd[12335]: Accepted rsa for xxx from A.B.C.D port 2981 Sep 12 14:13:16 <auth.crit> bm55 sshd[12335]:

...formation to various mailing lists for those interested in giving this a try. You can learn more about Audit by reading the handbook chapter, and visiting http://www.TrustedBSD.org/audit.html As an FYI for those interested, we are shipping the user space audit components as a portable package, OpenBSM, so that BSM-based applications can be built to process Solaris, FreeBSD, and Mac OS X audit trails on a variety of platforms, including Linux, older versions of FreeBSD, and other *BSD systems. OpenBSM is present in the contrib tree in the FreeBSD source tree as a vendor branch import, and wi...

...formation to various mailing lists for those interested in giving this a try. You can learn more about Audit by reading the handbook chapter, and visiting http://www.TrustedBSD.org/audit.html As an FYI for those interested, we are shipping the user space audit components as a portable package, OpenBSM, so that BSM-based applications can be built to process Solaris, FreeBSD, and Mac OS X audit trails on a variety of platforms, including Linux, older versions of FreeBSD, and other *BSD systems. OpenBSM is present in the contrib tree in the FreeBSD source tree as a vendor branch import, and wi...

A few weeks back Robert Watson announced the merge of these features from 7 back into 6-STABLE. I hadn't seen any updates and was curious as to the status. Us 6-STABLE users are curious to test it out. Thanks. --A

...can learn more about the conference at: http://www.bsdcan.org/ This is a pretty neat technical conference relating to *BSD -- very grass roots, and good content. Based on last year's experience, I can recommend it highly! We'll be presenting on two topics: - The Darwin/FreeBSD/OpenBSM audit implementation -- what it does, how it works, why you should care, etc. We'll be doing the first formal OpenBSM release shortly before the conference. - A presentation on the SEBSD work -- the port of the SELinux FLASK/TE implementation to FreeBSD, and experimental work to brin...

https://bugzilla.mindrot.org/show_bug.cgi?id=1420 Summary: BSM support on Mac OS X Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: Other OS/Version: Mac OS X Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: bitbucket at mindrot.org

Hello, Freebsd-security. I'm grepping all sources for programs, which support audit and found strange thing: find . -name '*.c*' -print | \ grep -v -E '^./(sys|contrib/openbsm|tools/regression)' | \ xargs grep -E "\<(audit|au_)" shows, that only login(1), su(1), id(1) and sshd(1) uses audit. And even sshd(8) raise question: it doesn't call setaudit(2)! Even more, such command doesn't show anything about user login via ssh: auditreduce...

Dear All, Over the past week or so, I have spent some time updating Tom Rhodes' excellent FreeBSD Handbook chapter on Audit for some of the more recent audit changes, such as new features in more recent OpenBSM versions. Since FreeBSD 6.2-BETA2 contains what is likely the final drop of the audit code (modulo any bug fixes) for 6.2-RELEASE, now would be a great time for people interested in Audit to read the handbook chapter and give Audit a try. And then, of course, send feedback to the TrustedBSD au...

...kernel audit event engine, src/sys/security/audit, which includes various system calls, an event queue, kernel worker thread to process the queue, interfaces to capture system call information, a system call for user applications to submit audit records, pre-selection mechanism, etc. - OpenBSM, an implementation of the Solaris/OpenSolaris Basic Security Module API and file format for audit trails. This is derived from the BSM audit support found in the Apple Mac OS X and Darwin operating systems, although substantially reworked, cleaned up, and synchronized to recent BSM change...