mirror of
https://git.FreeBSD.org/src.git
synced 2025-01-14 14:55:41 +00:00
5e386598a6
- Add a new "qsize" parameter in audit_control and the getacqsize(3) API to
  query it, allowing the kernel's maximum audit queue length to be set.
- Add support to push a mapping between audit event names and event numbers
  into the kernel (where supported) using new A_GETEVENT and A_SETEVENT
  auditon(2) operations.
- Add audit event identifiers for a number of new (and not-so-new) FreeBSD
  system calls including those for asynchronous I/O, thread management, SCTP,
  jails, multi-FIB support, and misc. POSIX interfaces such as
  posix_fallocate(2) and posix_fadvise(2).
- On operating systems supporting Capsicum, auditreduce(1) and praudit(1) now
  run sandboxed.
- Empty "flags" and "naflags" fields are now permitted in audit_control(5).

Many thanks to Christian Brueffer for producing the OpenBSM release and
importing/tagging it in the vendor branch. This release will allow improved
auditing of a range of new FreeBSD functionality, as well as non-traditional
events (e.g., fine-grained I/O auditing) not required by the Orange Book or
Common Criteria.

Obtained from: TrustedBSD Project
Sponsored by: DARPA, AFRL
MFC after: 3 weeks
523 lines
26 KiB
Plaintext
OpenBSM Version History

OpenBSM 1.2 alpha 5

- Add a new "qsize" parameter in audit_control and the getacqsize(3) API to
  query it, allowing the kernel's maximum audit queue length to be set.
- Add support to push a mapping between audit event names and event numbers
  into the kernel (where supported) using new A_GETEVENT and A_SETEVENT
  auditon(2) operations.
- Add audit event identifiers for a number of new (and not-so-new) FreeBSD
  system calls including those for asynchronous I/O, thread management, SCTP,
  jails, multi-FIB support, and misc. POSIX interfaces such as
  posix_fallocate(2) and posix_fadvise(2).
- On operating systems supporting Capsicum, auditreduce(1) and praudit(1) now
  run sandboxed.
- Empty "flags" and "naflags" fields are now permitted in audit_control(5).

OpenBSM 1.2 alpha 4

- Fix praudit to emit correct XML.
- Fix auditdistd bugs related to IPv6 support, locking, and a kqueue-related
  descriptor leak.
- Add audit event definitions for Capsicum-related syscalls, as well as
  AUE_BINDAT and AUE_CONNECTAT.
- Manpage symlinks for all libbsm functions are installed again after the
  move to autotools in OpenBSM 1.0 Alpha 5.
- A variety of minor documentation cleanups.

OpenBSM 1.2 alpha 3

- Various minor tweaks to the auditdistd build to make it fit the FreeBSD
  build environment better.
- AUE_WAIT6 merged from FreeBSD 9.

OpenBSM 1.2 alpha 2

- auditdistd, a distributed audit trail management daemon, has now been
  merged. This allows trail files to be securely and reliably synced from
  audited hosts to an audit server, and employs TLS encryption. Where
  available, it uses Capsicum to sandbox the service. This work was
  contributed by Pawel Jakub Dawidek under sponsorship from the FreeBSD
  Foundation.

OpenBSM 1.2 alpha 1

- Add Capsicum-related error numbers for FreeBSD: ENOTCAPABLE, ECAPMODE.
- Add Capsicum, process descriptor audit events for FreeBSD.
- Allow 0% minspace.
- Fixes from the clang static analyser.
- Fix expiration of trail files when the host parameter is used.
- Various typo fixes.
- Support for Solaris privilege and privilege set tokens.
- Documentation for getachost(), improvements for getacfilesz().
- Fix a directory descriptor leak that happened when audit trail partitions
  filled.
- Support for more Linux distributions with a partial contemporary endian.h.
- Improved escaping of XML-encapsulated BSM.
- A variety of minor documentation, style, and functional fixes.

OpenBSM 1.1p2

- Fix audit_event definitions of AUE_OPENAT_RWT and AUE_OPENAT_RWTC.
- Fix build on Linux.
- Fix printing of class masks in the audump tool.

OpenBSM 1.1p1

- Fixes to AUT_SOCKUNIX token parsing.
- IPv6 support for au_to_me(3).
- Improved robustness in the parsing of audit_control, especially long
  flags/naflags strings and whitespace in all fields.
- Add missing conversion of a number of FreeBSD/Mac OS X errnos to/from BSM
  error number space.

OpenBSM 1.1

- Change auditon(2) parameters and data structures to be 32/64-bit architecture
  independent. Add more information to man page about auditon(2) parameters.
- Add wrapper functions for auditon(2) to use legacy commands when the new
  commands are not supported.
- Add default for 'expire-after' in audit_control to expire trail files when
  the audit directory is more than 10 megabytes ('10M').
- Interface to convert between local and BSM fcntl(2) command values has been
  added: au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with
  definitions of constants in audit_fcntl.h.
- A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens
  generated by audit_submit(3) were improperly encoded has been fixed.
- Fix example in audit_submit(3) man page. Also, make it clear that we want
  the audit ID as the argument.
- A new audit event class 'aa', for post-login authentication and
  authorization events, has been added.

OpenBSM 1.1 beta 1

- The filesz parameter in audit_control(5) now accepts suffixes: 'B' for
  Bytes, 'K' for Kilobytes, 'M' for Megabytes, and 'G' for Gigabytes.
  For legacy support no suffix defaults to bytes.
- Audit trail log expiration support added. It is configured in
  audit_control(5) with the expire-after parameter. If there is no
  expire-after parameter in audit_control(5), which is the default, the
  audit trail files are not expired and removed. See audit_control(5) for
  more information.
- Change defaults in audit_control: warn at 5% rather than 20% free for audit
  partitions, rotate automatically at 2MB, and set the default policy to
  cnt,argv rather than cnt so that execve(2) arguments are captured if
  AUE_EXECVE events are audited. These may provide more usable defaults for
  many users.
- Use au_domain_to_bsm(3) and au_socket_type_to_bsm(3) to convert
  au_to_socket_ex(3) arguments to BSM format.
- Fix error encoding AUT_IPC_PERM tokens.

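The filesz suffixes and expire-after size described for 1.1 beta 1 above, together with the empty naflags value permitted since 1.2 alpha 5 and the 10M expire-after default from 1.1, parse naturally into a small reader for audit_control(5). What follows is an added example written for this page, not OpenBSM's own code: it is not libbsm's getacfilesz(3)/getacna(3), it reads a string rather than /etc/security/audit_control, the struct and function names are its own, only the size form of expire-after mentioned in this history is handled, and the sample configuration is constructed.

```c
/*
 * Added example, not libbsm code: read the audit_control(5) settings this
 * history describes (filesz and expire-after with B/K/M/G suffixes, and a
 * naflags value that may be empty) from a string.  Keys not extracted here
 * (dir, flags, policy, ...) are skipped, much as each getac*(3) function
 * only looks for its own key.  The sample text at the bottom is constructed.
 */
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct acfg {
	char    naflags[128];  /* non-attributable event classes; "" is valid */
	int64_t filesz;        /* rotate the trail at this many bytes; 0 = never */
	int64_t expire_after;  /* expire trails past this directory size; 0 = never */
};

/* Size with an optional B/K/M/G suffix (either case); no suffix means bytes. */
int
parse_size(const char *s, int64_t *out)
{
	char *end;
	long long v, mult = 1;
	errno = 0;
	v = strtoll(s, &end, 10);
	if (errno != 0 || end == s || v < 0)
		return (-1);
	switch (toupper((unsigned char)*end)) {
	case '\0':	break;
	case 'B':	end++; break;
	case 'K':	mult = 1LL << 10; end++; break;
	case 'M':	mult = 1LL << 20; end++; break;
	case 'G':	mult = 1LL << 30; end++; break;
	default:	return (-1);
	}
	if (*end != '\0' || v > INT64_MAX / mult)
		return (-1);	/* trailing junk such as "2MB", or overflow */
	*out = v * mult;
	return (0);
}

/*
 * Returns 0 on success or the 1-based number of the first malformed line.
 * Blank lines and '#' comments are skipped, whitespace around keys and
 * values is ignored, and "naflags:" with nothing after the colon is valid.
 */
int
parse_audit_control(const char *text, struct acfg *c)
{
	char line[256], *k, *v, *e;
	int lineno = 0, rc;
	size_t n;
	memset(c, 0, sizeof(*c));
	for (; *text != '\0'; text += n + (text[n] == '\n')) {
		n = strcspn(text, "\n");
		lineno++;
		if (n >= sizeof(line))
			return (lineno);
		memcpy(line, text, n);
		line[n] = '\0';
		for (k = line; isspace((unsigned char)*k); k++)
			;
		for (e = k + strlen(k); e > k && isspace((unsigned char)e[-1]);)
			*--e = '\0';
		if (*k == '\0' || *k == '#')
			continue;
		if ((v = strchr(k, ':')) == NULL)
			return (lineno);
		for (e = v; e > k && isspace((unsigned char)e[-1]);)
			*--e = '\0';	/* whitespace between key and colon */
		for (*v++ = '\0'; isspace((unsigned char)*v); v++)
			;
		rc = 0;
		if (strcmp(k, "naflags") == 0)
			rc = snprintf(c->naflags, sizeof(c->naflags), "%s", v) <
			    (int)sizeof(c->naflags) ? 0 : -1;
		else if (strcmp(k, "filesz") == 0)
			rc = parse_size(v, &c->filesz);
		else if (strcmp(k, "expire-after") == 0)
			rc = parse_size(v, &c->expire_after);
		if (rc != 0)
			return (lineno);
	}
	return (0);
}

/* Constructed sample: the 1.1 beta 1 defaults plus an empty naflags. */
const char sample_audit_control[] =
    "dir:/var/audit\nflags:lo,aa\nminfree:5\nnaflags:\n"
    "policy:cnt,argv\nfilesz: 2M\nexpire-after:10M\n";

int
main(void)
{
	struct acfg c;
	int rc = parse_audit_control(sample_audit_control, &c);
	printf("rc=%d filesz=%lld expire-after=%lld naflags='%s'\n", rc,
	    (long long)c.filesz, (long long)c.expire_after, c.naflags);
	return (rc != 0);
}
```

Compile with cc and run; it prints the decoded values for the sample. The strictness in parse_size matters more than it looks: a value such as "2MB" or "2 M" that a lax parser silently truncates to 2 bytes would make auditd rotate the trail on almost every record, so an unparseable size is reported as an error on its line rather than guessed at.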
OpenBSM 1.1 alpha 5

- Stub libauditd(3) man page added.
- All BSM error number constants are now prefixed with BSM_ERRNO_.
- Interfaces to convert between local and BSM socket types and protocol
  families have been added: au_bsm_to_domain(3), au_bsm_to_socket_type(3),
  au_domain_to_bsm(3), and au_socket_type_to_bsm(3), along with definitions
  of constants in audit_domain.h and audit_socket_type.h. This improves
  interoperability by converting local constant spaces, which vary by OS, to
  and from Solaris constants (where available) or OpenBSM constants for
  protocol domains not present in Solaris (a fair number). These routines
  should be used when generating and interpreting extended socket tokens.
- Fix build warnings with full gcc warnings enabled on most supported
  platforms.
- Don't compile error strings into bsm_errno.c when building it in the kernel
  environment.
- When started by launchd, use the label com.apple.auditd rather than
  org.trustedbsd.auditd.

OpenBSM 1.1 alpha 4

- With the addition of BSM error number mapping, we also need to map the
  local error number passed to audit_submit(3) to a BSM error number, rather
  than have the caller perform that conversion.
- Reallocate user audit events to avoid collisions with Solaris; adopt a more
  formal allocation scheme, and add some events allocated in Solaris that
  will be of immediate use on other platforms.
- Add an event for Calife.
- Add au_strerror(3), which allows generating strings for BSM errors
  directly, rather than requiring applications to map to the local error
  space, which might not be able to entirely represent the BSM error number
  space.
- Major auditd rewrite for launchd(8) support. Add libauditd library that is
  shared between launchd and auditd.
- Add AUDIT_TRIGGER_INITIALIZE trigger (sent via 'audit -i') for (re)starting
  auditing under launchd(8) on Mac OS X.
- Add 'current' symlink to active audit trail.
- Add crash recovery of the previous audit trail file when audit startup
  detects that it was not properly terminated.
- Add the event AUE_audit_recovery to indicate when an audit trail file has
  been recovered from not being properly terminated. This event is stored
  in the new audit trail file and includes the path of the recovered audit
  trail file.
- Mac OS X and FreeBSD dependent code in auditd.c is separated into
  auditd_darwin.c and auditd_fbsd.c files.
- Add events for the posix_spawn(2) and fsgetpath(2) Mac OS X system calls.
- For Mac OS X, we use ASL(3) instead of syslog(3) for logging.
- Add support for NOTICE level logging.

OpenBSM 1.1 alpha 3

- Add two new functions, au_bsm_to_errno() and au_errno_to_bsm(), to map
  between BSM error numbers (largely the Solaris definitions) and local
  errno(2) values for 32-bit and 64-bit return tokens. This is required as
  operating systems don't agree on some of the values of more recent error
  numbers.
- Fix a bug in how au_to_exec_args(3) and au_to_exec_env(3) calculate the
  total size for the token. This bug resulted in "unknown" tokens being
  printed after the exec args/env tokens.
- Support for AUT_SOCKET_EX extended socket tokens, which describe a socket
  using a pair of IPv4/IPv6 and port tuples.
- OpenBSM BSM file header version bumped for 1.1 release.
- Deprecated Darwin constants, such as TRAILER_PAD_MAGIC, removed.

OpenBSM 1.1 alpha 2

- Include files in OpenBSM are now broken out into two parts: library builds
  required solely for user space, and system includes, which may also be
  required for use in the kernels of systems integrating OpenBSM. Submitted
  by Stacey Son.
- Configure option --with-native-includes allows forcing the use of native
  includes for system includes, rather than the versions bundled with OpenBSM.
  This is intended specifically for platforms that ship OpenBSM, have adapted
  versions of the system includes in a kernel source tree, and will use the
  OpenBSM build infrastructure with an unmodified OpenBSM distribution,
  allowing the customized system includes to be used with the OpenBSM build.
  Submitted by Stacey Son.
- Various strcpy()'s/strcat()'s have been changed to strlcpy()'s/strlcat()'s
  or asprintf(). Added compat/strlcpy.h for Linux.
- Remove compatibility defines for old Darwin token constant names; now only
  BSM token names are provided and used.
- Add support for extended header tokens, which contain space for information
  on the host generating the record.
- Add support for setting extended host information in the kernel, which is
  used for setting host information in extended header tokens. The
  audit_control file now supports a "host" parameter which can be used by
  auditd to set the information; if not present, the kernel parameters won't
  be set and auditd uses unextended headers for records that it generates.

OpenBSM 1.1 alpha 1

- Add option to auditreduce(1) which allows users to invert the sense of
  matching, so that BSM records that do not match are selected.
- Fix bug in audit_write() where we commit an incomplete record in the
  event there is an error writing the subject token. This was submitted
  by Diego Giagio.
- Build support for Mac OS X 10.5.1 submitted by Eric Hall.
- Fix a bug which resulted in host XML attributes not being printed
  while processing extended header tokens. This patch was submitted by
  Martin Voros.
- Constification of function arguments so that const strings can be passed
  as arguments to tokens. This patch was submitted by Xin LI.
- Modify the -m option so users can select more than one audit event.
- For Mac OS X, added Mach IPC support for audit trigger messages.
- Fixed a bug in getacna() which resulted in a locking problem on Mac OS X.
- Added LOG_PERROR flag to openlog when -d option is used with auditd.
- AUE events added for Mac OS X Leopard system calls.

OpenBSM 1.0

- Fix bug in auditreduce(1) which resulted in a memory fault/crash when
  the user specified an event name with -m.
- Remove AU_.* hard-coded audit class constants, as audit classes are now
  entirely dynamically configured using /etc/security/audit_class.

OpenBSM 1.0 alpha 15

- Fix bug when processing in_addr_ex tokens.
- Restore the behavior of printing the string/text specified while
  auditing arg32 tokens.
- Synchronized audit event list to Solaris, picking up the *at(2) system call
  definitions, now required for FreeBSD and Linux. Added additional events
  for *at(2) system calls not present in Solaris.
- Bugs in auditreduce(1) fixed allowing partial date strings to be used in
  filtering events.

OpenBSM 1.0 alpha 14

- Fix endian issues when processing IPv6 addresses for extended subject
  and process tokens.
- gcc41 warnings clean.
- Teach audit_submit(3) about getaudit_addr(2).
- Add support for zonename tokens.

OpenBSM 1.0 alpha 13

- compat/clock_gettime.h now provides a compatibility implementation of
  clock_gettime(), which fixes building on Mac OS X.
- Countless man page improvements, markup fixes, content fixes, etc.
- XML printing support via "praudit -x".
- audit.log.5 expanded to include additional BSM token types.
- Added encoding and decoding routines for process64_ex, process32_ex,
  subject32_ex, header64, and attr64 tokens.
- Additional audit event identifiers for listen, mlockall/munlockall,
  getpath, POSIX message queues, and mandatory access control.

OpenBSM 1.0 alpha 12

- Correct bug in auditreduce which prevented the -c option from working
  correctly when the user specifies to process successful or failed events.
  The problem stemmed from not having access to the return token at the time
  the initial preselection occurred, but now a second preselection process
  occurs while processing the return token.
- getacfilesz(3) API added to read new audit_control(5) filesz setting,
  which auditd(8) now sets the kernel audit trail rotation size to.
- auditreduce(1) now uses stdin if no file names are specified on the command
  line; this was the documented behavior previously, but it was not
  implemented. Be more specific in auditreduce(1)'s examples section about
  what might be done with the output of auditreduce.
- Add audit_warn(5) closefile event so that administrators can hook
  termination of an audit trail file. For example, this might be used to
  compress the trail file after it is closed.
- auditreduce(1) now uses regular expressions for pathname matching. Users can
  now supply one or more (comma delimited) regular expressions for searching
  the pathnames. If one of the regular expressions is prefixed with a tilde
  (~), and a path matches, it will be excluded from the search results.

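The pathname selection described in the last 1.0 alpha 12 entry above (comma-delimited regular expressions, with a leading '~' marking a pattern whose matches are excluded) looks like this when written as a small filter over POSIX regex(3). This is an added example, not auditreduce(1)'s implementation: the names (struct pathfilter, pathfilter_init, pathfilter_match) and the sample paths are the example's own, and the rule for combining patterns (any '~' match rejects the path; otherwise at least one plain pattern must match, or every path passes when only '~' patterns were given) is the example's choice, since the entry does not spell it out.

```c
/*
 * Added example, not auditreduce(1)'s own code: pathname selection with
 * comma-delimited POSIX regular expressions, where a leading '~' marks a
 * pattern whose matches are excluded.  Names and sample paths are the
 * example's own.
 */
#define _POSIX_C_SOURCE 200809L
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAXPATS 16

struct pathfilter {
	regex_t re[MAXPATS];
	int     exclude[MAXPATS];   /* 1 when the pattern was given with '~' */
	int     npats;
	int     nincl;              /* how many patterns are not excluding */
};

void
pathfilter_free(struct pathfilter *f)
{
	int i;

	for (i = 0; i < f->npats; i++)
		regfree(&f->re[i]);
	f->npats = f->nincl = 0;
}

/* Compile "pat1,~pat2,..." into f.  Returns 0, or -1 (and frees f) on error. */
int
pathfilter_init(struct pathfilter *f, const char *spec)
{
	char *buf, *tok, *save;
	int rc = 0;

	memset(f, 0, sizeof(*f));
	if ((buf = strdup(spec)) == NULL)
		return (-1);
	for (tok = strtok_r(buf, ",", &save); tok != NULL;
	    tok = strtok_r(NULL, ",", &save)) {
		int excl = (*tok == '~');

		if (f->npats == MAXPATS || regcomp(&f->re[f->npats], tok + excl,
		    REG_EXTENDED | REG_NOSUB) != 0) {
			rc = -1;	/* too many patterns or a bad regex */
			break;
		}
		f->exclude[f->npats++] = excl;
		f->nincl += !excl;
	}
	free(buf);
	if (rc != 0)
		pathfilter_free(f);
	return (rc);
}

/*
 * A path is selected when no excluding pattern matches it and either at
 * least one including pattern matches or no including pattern was given.
 */
int
pathfilter_match(const struct pathfilter *f, const char *path)
{
	int i, selected = (f->nincl == 0);

	for (i = 0; i < f->npats; i++) {
		if (regexec(&f->re[i], path, 0, NULL, 0) != 0)
			continue;
		if (f->exclude[i])
			return (0);
		selected = 1;
	}
	return (selected);
}

int
main(void)
{
	/* Constructed paths standing in for the path tokens of audit records. */
	const char *paths[] = { "/etc/passwd", "/etc/master.passwd",
	    "/etc/ssh/sshd_config", "/usr/local/etc/rc.d/x", "/tmp/etc/passwd" };
	struct pathfilter f;
	size_t i;

	if (pathfilter_init(&f, "^/etc/,~^/etc/ssh/") != 0)
		return (1);
	for (i = 0; i < sizeof(paths) / sizeof(paths[0]); i++)
		printf("%-24s %s\n", paths[i],
		    pathfilter_match(&f, paths[i]) ? "selected" : "excluded");
	pathfilter_free(&f);
	return (0);
}
```

The patterns are ordinary unanchored regular expressions, so "/etc/" on its own would also select "/tmp/etc/passwd"; anchor with "^" when the intent is a directory prefix, as the sample does. A pattern that fails to compile is reported rather than skipped, because a silently dropped '~' pattern would widen the selection instead of narrowing it.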
OpenBSM 1.0 alpha 11

- Reclassify certain read/write operations as having no class rather than the
  fr/fw class; our default classes audit intent (open) not operations (read,
  write).
- Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads
  and writes of sysctls as separate events. Add additional kernel
  environment and jail events for FreeBSD.
- Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER
  (issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued
  by the kernel audit implementation) so that they can be distinguished.
- Disable rate limiting of rotate requests; as the kernel doesn't retransmit
  a dropped request, the log file will otherwise grow indefinitely if the
  trigger is dropped.
- Improve auditd debugging output.
- Fix a number of threading related bugs in audit_control file reading
  routines.
- Add APIs au_poltostr() and au_strtopol() to convert between text
  representations of audit_control policy flags and the flags passed to
  auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY).
- Add API getacpol() to return the 'policy:' entry from audit_control, an
  extension to the Solaris file format to allow specification of policy
  persistent flags.
- Update audump to print the audit_control policy field.
- Update auditd to read the audit_control policy field and set the kernel
  policy to match it when configuring/reconfiguring. Remove the -s and -h
  arguments as these policies are now set via the configuration file. If a
  policy line is not found in the configuration file, continue with the
  current default of setting AUDIT_CNT.
- Fix bugs in the parsing of large execve(2) arguments and environmental
  variable tokens; increase maximum parsed argument and variable count.
- configure now detects strlcat(), used by policy-related functions.
- Reference token and record sample files added to test tree.

OpenBSM 1.0 alpha 10

- auditd now generates complete audit records for its events, as required for
  application-submitted audit records in the FreeBSD kernel audit
  implementation.

OpenBSM 1.0 alpha 9

- Rename many OpenBSM-specific constants and API elements containing the
  strings "BSM" and "bsm" to "AUDIT" and "audit", observing that this is true
  for almost all existing constants and APIs.
- Instead of passing a per-instance cookie directly into all audit filter
  APIs, pass in the audit filter daemon state pointer, which is then used by
  the module using an audit_filter_{get,set}cookie() API. This will allow
  future service APIs provided by the filter daemon to maintain their own
  state -- for example, per-module preselection state.

OpenBSM 1.0 alpha 8

- Correct typo in definition of AUR_INT.
- Adopt OpenSolaris constant values for AUDIT_* configuration flags.
- Arguments to au_to_exec_args() and au_to_exec_env() no longer const.
- Add kernel versions of au_to_exec_args() and au_to_exec_env().
- Fix exec argument type that is printed for env strings from 'arg' to 'env'.
- New OpenBSM token version number assigned, constants added for other
  commonly seen version numbers.
- OpenBSM-specific events assigned numbers in the 43xxx range to avoid future
  collisions with Solaris. Darwin events renamed to AUE_DARWIN_foo, as they
  are now deprecated numberings.
- autoconf now detects clock_gettime(), which is not available on Darwin.
- praudit output fixes relating to arg32 and arg64 tokens.
- Maximum record size updated to 64k-1 to match Solaris record size limit.
- Various style and comment cleanups in include files.

OpenBSM 1.0 alpha 7

- Adopted Solaris-compatible format for subject32_ex and subject64_ex
  tokens, which previously did not correctly implement variable length
  address storage.
- Prefer inttypes.h to stdint.h; enhance queue.h detection to test for
  TAILQ_FOREACH_SAFE(), which is present in recent BSD queue.h's, but not
  older ones. OpenBSM now builds on some FreeBSD 4.x versions.
- New event types for extended attributes, ACLs, and scheduling.

OpenBSM 1.0 alpha 6

- Use AU_TO_WRITE and AU_NO_TO_WRITE for the 'keep' argument to au_close();
  previously we used hard-coded 0 and 1 values.
- Add man page for au_open(), au_write(), au_close(), and
  au_close_buffer().
- Support a more complete range of data types for the arbitrary data token:
  add AUR_CHAR (alias to AUR_BYTE), remove AUR_LONG, add AUR_INT32 (alias
  to AUR_INT), add AUR_INT64.
- Add au_close_token(), which allows writing a single token_t to a memory
  buffer. Not likely to be used much by applications, but useful for
  writing test tools.
- Modify au_to_file() so that it accepts a timeval in user space, not just
  kernel -- this is not a Solaris BSM API so can be modified without
  causing compatibility issues.
- Define a new API, au_to_header32_tm(), which adds a struct timeval
  argument to the ordinary au_to_header32(), which is now implemented by
  wrapping au_to_header32_tm() and calling gettimeofday(). #ifndef KERNEL
  the APIs that invoke gettimeofday(), rather than having a variable
  definition. Don't try to retrieve time zone information using
  gettimeofday(), as it's not needed, and introduces possible failure
  modes.
- Don't perform byte order transformations on the addr/machine fields of
  the terminal ID that appears in the process32/subject32 tokens. These
  are assumed to be IP addresses, and as such, to be in network byte
  order.
- Universally, APIs now assume that IP addresses and ports are provided
  in network byte order. APIs now generally provide these types in
  network byte order when decoding.
- Beginnings of an OpenBSM test framework can now be found in openbsm/test.
  This code is not built or installed by default.
- auditd now assigns more appropriate syslog levels to its debugging and
  error information.
- Support for audit filters introduced: audit filters are dynamically
  loaded shared objects that run in the context of a new daemon,
  auditfilterd. The daemon reads from an audit pipe and feeds both BSM and
  parsed versions of records to shared objects using a module API. This
  will provide a framework for the writing of intrusion detection services.
- New utility API, audit_submit(), added to capture common elements of audit
  record submission for many applications.

OpenBSM 1.0 alpha 5

- Update install notes to indicate /etc files are to be installed manually.
- On systems without LOG_SECURITY, use LOG_AUTH.
- Convert to autoconf/automake in order to move to a more portable (not
  BSD-specific) build infrastructure, and easier conditional building of
  components. Currently, the primary feature loss is that automake does
  not have native support for manual symlinks. This will be addressed in a
  future OpenBSM release.
- Add compat/queue.h, to be used on systems with dated BSD queue macro
  libraries (as found on Linux).
- Rename CHANGELOG to HISTORY, as our change log doesn't follow some of the
  existing conventions for a CHANGELOG.
- Some private data structures moved from audit.h to audit_internal.h to
  prevent inappropriate use by applications and name space pollution.
- Improved detection and use of endian macros using autoconf.
- Avoid non-portable use of struct in6_addr, which is largely opaque.
- Avoid leaking BSD kernel socket related token code to user space in
  bsm_token.c.
- Teach System V IPC calls to look for Linux naming variations for certain
  struct ipc_perm fields.
- Test for audit system calls, and if not present, don't build
  bsm_wrappers.c, bsm_notify.c, audit(8), and auditd(8), which rely on
  those system calls.
- au_close() is not implemented on systems that don't have audit system
  calls, but au_close_buffer() is.
- Work around missing BSDisms in bsm_wrapper.c.
- Fix nested includes so including libbsm.h in an application on Linux
  picks up the necessary definitions.

OpenBSM 1.0 alpha 4

- Remove "audit" user example from audit_user, as it's not present on most
  systems.
- Add cannot_audit() function for non-Darwin systems that wraps auditon();
  required by OpenSSH BSM support. Convert Darwin cannot_audit() into a
  function rather than a macro.
- Library build fixed on Darwin following include file tweaks. The native
  Darwin sys/audit.h conflicts with bsm/audit.h due to duplicate types, so
  for now we force bsm_wrappers.c to not perform a nested include of
  sys/audit.h.

OpenBSM 1.0 alpha 3

- Man page formatting, cross reference, mlinks, and accuracy improvements.
- auditd and tools now compile and run on FreeBSD/arm.
- auditd will now fchown() the trail file to the audit review group, if
  defined at compile-time.
- Added AUE_SYSARCH for FreeBSD.
- Definition of AUE_SETFSGID fixed for Linux.

OpenBSM 1.0 alpha 2

- Man page formatting improvements.
- A number of new audit event identifiers for FreeBSD, Linux, and POSIX.1b
  events.
- Remove 'tfm' class, unused in OpenBSM.

OpenBSM 1.0 alpha 1

- Import of Darwin74 BSM drop.
- Use 'syslog' for audit log warnings, rather than echoing to a file in
  audit_warn.
- Compile using BSD make infrastructure.
- Integrate bsm/ include files from Darwin74 XNU drop into OpenBSM.
- Narrow set of symbols and defines that are exposed in user space: don't
  compile in code relying on kernel-only types such as 'struct socket'.
- Add README, including basic build documentation.
- Compilation of Apple-specific notify and Mach routines now #ifdef __APPLE__.
- Staticize libbsm global variables to avoid leakage into applications.
- Add free_au_user_ent() so that au_user_ent's don't have to be leaked.
- Clean up bogus nul-termination checks in libbsm.
- Add libbsm API man pages: au_class.3 au_control.3 au_event.3
  au_free_token.3 au_io.3 au_mask.3 au_token.3 au_user.3 libbsm.3.
- Add man pages for BSM system calls: audit.2 auditctl.2 auditon.2 getaudit.2
  getauid.2 setaudit.2 setauid.2.
- Modify various libbsm interfaces to more consistently return 'errno' values
  on failure.
- Break out au_close() into constituent parts, allowing records to be written
  to memory as well as files.
- Prefix various defines with 'BSM_' to reduce name space pollution.
- Added audit_internal.h, which can be used by a kernel audit implementation
  wanting to rely on libbsm components.
- Build with warnings, and eliminate warnings.
- Make libbsm endian-independent, storing and reading BSM as big endian
  (network byte order) rather than native byte order. More consistently
  print IP addresses using the IP address print routine. These changes
  make use of sys/endian.h from *BSD; since this isn't present on Darwin,
  add it to OpenBSM as compat/endian.h, which is used only on Darwin.
- Import of Darwin80 BSM drop, including 64-bit file IDs, better
  documentation of private APIs, and bug fixes.
- White space cleanup.
- Add audit.log.5, a first cut at a man page documenting the BSM file format.
- Teach au_read_rec() to recognize stand-alone file tokens, which are present
  at the beginning and end of Solaris audit trails. Technically, these
  appear to violate the high level BSM spec, which suggests that all tokens
  are present in records, but need to be supported.
- Implement HEADER64, ATTR64, SUBJECT64 token types, which make it possible
  to run praudit(1) on basic Solaris BSM streams.
- Switched to Solaris spelling of token names; Darwin spellings are now
  deprecated and will be removed in a future version of OpenBSM.
- Adopt Solaris model for representing IPv4 and IPv6 addresses.
- Prefer C99 types.
- Attempt to universally adopt the BSD style(9) coding style for
  consistency.
- auditreduce(1) now has a usage message.
- Update support for auditctl(2) system call to support FreeBSD.
- Add support for /dev/audit as the trigger source on FreeBSD.
- Add additional event types for Darwin, FreeBSD, and Solaris. Annotate
  conflicts (there are a few, unfortunately). Correct spellings, comment,
  sort, etc. These include {get,set}res[ug]id(), sendfile(), lchflags(),
  eaccess(), kqueue(), kevent(), poll(), lchmod().
- Relicensed under a BSD license, many thanks to Apple, Inc!
- Many bug fixes, cleanups, thread safety in the class, control, event,
  and user system audit databases. Annotate some persisting atomicity
  bugs associated with the API and implementation.
- Add audump test tool.
- Adopt OpenSolaris BSM API memory semantics: caller allocates memory,
  or static memory is returned for non-_r() versions of API calls.
  _free() calls dropped as a result, and source code compatibility with
  OpenSolaris improved significantly.
- Annotate BSM events with origin OS and compatibility information.
- auditd(8), audit(8) added to the OpenBSM distribution. auditd extended
  to support reloading of kernel event table.
- Allow comments in /etc/security configuration files.
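Several entries above are easier to see on the wire than in prose: the big-endian storage of BSM introduced in 1.0 alpha 1, the network-byte-order rule for addresses and ports in 1.0 alpha 6, and the 64k-1 record size limit adopted in 1.0 alpha 8. The following added example, which is not libbsm code, encodes a minimal record (header32, text, return32 and trailer tokens, laid out as audit.log(5) documents them) in network byte order and decodes it again with every length checked against the bytes actually present, which is what a reader such as praudit(1) must do for a trail it did not write itself. The header version value, the event number, the sample text and the function names are assumptions of the example; a real record also carries subject and other tokens that are not shown here.

```c
/*
 * Added example, not libbsm code: a minimal BSM record (header32, text,
 * return32, trailer, laid out as in audit.log(5)) encoded in network byte
 * order and decoded again with every length checked against the bytes that
 * are actually present.  The header version, event number and sample text
 * are values chosen for the example.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AUT_TRAILER     0x13
#define AUT_HEADER32    0x14
#define AUT_RETURN32    0x27
#define AUT_TEXT        0x28
#define TRAILER_MAGIC   0xb105
#define HDR_VERSION     11      /* assumed OpenBSM header version */
#define MAX_RECORD      65535   /* 64k-1, the limit adopted in 1.0 alpha 8 */

static void put16(uint8_t *p, uint16_t v) { p[0] = v >> 8; p[1] = v & 0xff; }
static void put32(uint8_t *p, uint32_t v) { put16(p, v >> 16); put16(p + 2, v & 0xffff); }
static uint16_t get16(const uint8_t *p) { return ((uint16_t)p[0] << 8) | p[1]; }
static uint32_t get32(const uint8_t *p) { return ((uint32_t)get16(p) << 16) | get16(p + 2); }

/* Returns the record length written to buf, or 0 if it would not fit. */
size_t
bsm_encode(uint8_t *buf, size_t bufsz, uint16_t event, uint32_t sec,
    uint32_t msec, const char *text, uint8_t err, uint32_t retval)
{
	size_t tlen = strlen(text) + 1;         /* AUT_TEXT length counts the NUL */
	size_t len = 18 + 3 + tlen + 6 + 7;     /* header, text, return, trailer */
	uint8_t *p = buf;

	if (tlen > 0xffff || len > bufsz || len > MAX_RECORD)
		return (0);
	*p++ = AUT_HEADER32; put32(p, len); p += 4; *p++ = HDR_VERSION;
	put16(p, event); p += 2; put16(p, 0); p += 2;   /* event modifier */
	put32(p, sec); p += 4; put32(p, msec); p += 4;
	*p++ = AUT_TEXT; put16(p, tlen); p += 2; memcpy(p, text, tlen); p += tlen;
	*p++ = AUT_RETURN32; *p++ = err; put32(p, retval); p += 4;
	*p++ = AUT_TRAILER; put16(p, TRAILER_MAGIC); p += 2; put32(p, len);
	return (len);
}

struct bsm_rec {
	uint16_t event;
	uint32_t sec, msec, retval;
	uint8_t  err;
	char     text[256];
};

/*
 * Decode an untrusted buffer holding one record.  A header count larger
 * than the bytes available, a text length running past the record, a
 * missing NUL, or a trailer that disagrees with the header all fail.
 */
int
bsm_decode(const uint8_t *buf, size_t avail, struct bsm_rec *r)
{
	const uint8_t *p = buf, *end;
	uint32_t len, tlen;

	if (avail < 18 || p[0] != AUT_HEADER32)
		return (-1);
	len = get32(p + 1);
	if (len < 18 + 7 || len > MAX_RECORD || len > avail || p[5] != HDR_VERSION)
		return (-1);
	end = buf + len;
	r->event = get16(p + 6);
	r->sec = get32(p + 10);
	r->msec = get32(p + 14);
	p += 18;
	if (end - p < 3 || *p != AUT_TEXT)
		return (-1);
	tlen = get16(p + 1);
	p += 3;
	if (tlen == 0 || (size_t)(end - p) < tlen || tlen > sizeof(r->text) ||
	    p[tlen - 1] != '\0')
		return (-1);
	memcpy(r->text, p, tlen);
	p += tlen;
	if (end - p < 6 || *p != AUT_RETURN32)
		return (-1);
	r->err = p[1];
	r->retval = get32(p + 2);
	p += 6;
	if (end - p != 7 || *p != AUT_TRAILER || get16(p + 1) != TRAILER_MAGIC ||
	    get32(p + 3) != len)
		return (-1);
	return (0);
}

int
main(void)
{
	uint8_t buf[512];
	struct bsm_rec r;
	size_t len = bsm_encode(buf, sizeof(buf), 43000 /* example event */,
	    1700000000u, 42, "constructed example record", 0, 0);

	if (len == 0 || bsm_decode(buf, len, &r) != 0)
		return (1);
	printf("%zu bytes, event %u, text \"%s\", return %u/%u\n", len,
	    r.event, r.text, r.err, r.retval);
	printf("one byte short: %d\n", bsm_decode(buf, len - 1, &r));
	return (0);
}
```

The byte order is fixed by the format, not by the host, which is why the encoder never writes a native integer into the buffer. On the reading side, a parser that trusted the header count without comparing it with the bytes present, or the text length without requiring the NUL to fall inside the record, would read past the buffer on a truncated or deliberately malformed trail; the checks in bsm_decode are the ones that matter when trails from other hosts are fed to praudit(1) or auditreduce(1).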