README revision 171538
OpenBSM 1.0

Introduction

OpenBSM provides an open source implementation of Sun's BSM Audit API.
Originally created under contract to Apple Computer by McAfee Research, this
implementation is now maintained by volunteers and the generous contribution
of several organizations. Coupled with a kernel audit implementation,
OpenBSM can be used to maintain system audit streams, and is a foundation for
an Audit-enabled system. Portions of OpenBSM, including include files and
token-building routines, are reusable in a kernel audit implementation, and
may be found in the FreeBSD and Mac OS X kernels.

Contents

OpenBSM consists of several directories:

  bin/          Audit-related command line tools
  bsm/          System include files for BSM
  compat/       Compatibility code to build on various OS's
  etc/          Sample /etc/security configuration files
  libbsm/       Implementation of BSM library interfaces and man pages
  man/          System call and configuration file man pages
  modules/      Directory for auditfilterd module source
  test/         Test token sets and generation program
  tools/        Tool directory, including audump to dump databases

The following programs are included with OpenBSM:

  audit         Command line audit control tool
  auditd        Audit management daemon
  auditfilterd  Experimental event monitoring framework
  auditreduce   Audit trail reduction tool
  audump        Debugging tool to parse and print audit databases
  praudit       Tool to print audit trails

Building

OpenBSM is currently built using autoconf and automake, which should allow
for building on a range of operating systems, including FreeBSD, Mac OS X,
and Linux. Depending on the availability of audit facilities in the
underlying operating system, some components that depend on kernel audit
support are built conditionally. Typically, the build is performed using:

  ./configure
  make

To install, use:

  make install

You may wish to specify that the OpenBSM components not be installed in the
base system, but rather in a specific directory. This may be done using the
--prefix argument to configure. If installing to a specific directory,
remember to update your library path so that when running tools from that
directory the correct libbsm is used:

  ./configure --prefix=/home/rwatson/openbsm
  make
  make install
  LD_LIBRARY_PATH=/home/rwatson/openbsm/libbsm ; export LD_LIBRARY_PATH

You will need to manually propagate openbsm/etc/* into /etc on your system;
this is not done automatically so as to avoid disrupting the current
configuration. Currently, the location of these files is not configurable.

Credits

The following organizations and individuals have contributed substantially to
the development of OpenBSM:

  Apple Computer, Inc.
  McAfee Research, McAfee, Inc.
  SPARTA, Inc.
  Robert Watson
  Wayne Salamon
  Suresh Krishnaswamy
  Kevin Van Vechten
  Tom Rhodes
  Wojciech Koszek
  Chunyang Yuan
  Poul-Henning Kamp
  Christian Brueffer
  Olivier Houchard
  Christian Peron
  Martin Fong
  Pawel Worach
  Martin Englund
  Ruslan Ermilov
  Martin Voros
  Diego Giagio
  Alex Samorukov

In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
Software's FlexeLint tool were used to identify a number of bugs in the
OpenBSM implementation.

Contributions

The TrustedBSD Project would appreciate the contribution of bug fixes,
enhancements, etc., under identical or substantially similar licenses to
those present on the remainder of the OpenBSM source code.

Location

Information on OpenBSM may be found on the OpenBSM home page:

  http://www.OpenBSM.org/

Information on TrustedBSD may be found on the TrustedBSD home page:

  http://www.TrustedBSD.org/

$P4: //depot/projects/trustedbsd/openbsm/README#24 $
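
Added example, not part of the OpenBSM distribution: one way to carry out the manual propagation of the sample configuration files described under Building without disturbing an existing audit configuration. The function name `propagate_samples`, its status words and the skipping of `Makefile*` build files are assumptions of this example.

```shell
#!/bin/sh
# Added example (not OpenBSM code): copy sample audit configuration files
# into a target directory without overwriting anything already present.
#
# Usage: propagate_samples SRC_DIR DST_DIR
# Prints one status line per regular file found in SRC_DIR:
#   installed <name>   file was absent in DST_DIR and has been copied
#   unchanged <name>   file exists and is identical to the sample
#   differs   <name>   file exists with local changes; left untouched
propagate_samples() {
    src=$1
    dst=$2
    [ -d "$src" ] || { echo "no such source directory: $src" >&2; return 2; }
    [ -d "$dst" ] || { echo "no such target directory: $dst" >&2; return 2; }

    for f in "$src"/*; do
        [ -f "$f" ] || continue        # skip subdirectories and an empty glob
        name=${f##*/}

        # Assumption: automake build files sit beside the samples in a
        # source tree and are not configuration.
        case $name in
            Makefile*) continue ;;
        esac

        if [ ! -e "$dst/$name" ]; then
            # -p keeps the mode and timestamps of the sample file.
            cp -p "$f" "$dst/$name" && echo "installed $name"
        elif cmp -s "$f" "$dst/$name"; then
            echo "unchanged $name"
        else
            # Never clobber a locally edited file; the administrator
            # merges these by hand.
            echo "differs   $name"
        fi
    done
    return 0
}
```

Files reported as `differs` are the ones to compare against the samples by hand after an upgrade.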