OpenBSM

  Introduction

OpenBSM is an open source implementation of Sun's BSM event auditing file
format and API.  Originally created for Apple Computer by McAfee Research,
OpenBSM is now maintained by volunteers and through the generous contribution
of several organizations.

OpenBSM includes several command line tools, including auditreduce(8) and
praudit(8) for reducing and printing audit trails, as well as the libbsm(3)
library to manage configuration files, generate audit records, and parse and
print audit trails.

Coupled with a kernel audit implementation, OpenBSM can be used to maintain
system audit streams, and is a foundation for a full audit-enabled system.
Portions of OpenBSM, including include files and token-building routines, are
reusable in a kernel audit implementation, and may be found in the FreeBSD
and Mac OS X kernels.

  Contents

OpenBSM consists of several directories:

  bin/          Audit-related command line tools
  bsm/          Library include files for BSM
  compat/       Compatibility code to build on various operating systems
  etc/          Sample /etc/security configuration files
  libauditd/    Common audit management functions for auditd and launchd
  libbsm/       Implementation of BSM library interfaces and man pages
  man/          System call and configuration file man pages
  modules/      Directory for auditfilterd module source
  sys/          System include files for BSM
  test/         Test token sets and generation program
  tools/        Tool directory, including audump to dump databases

The following programs are included with OpenBSM:

  audit         Command line audit control tool
  auditd        Audit management daemon
  auditdistd    Audit trail distribution daemon
  auditfilterd  Experimental event monitoring framework
  auditreduce   Audit trail reduction tool
  audump        Debugging tool to parse and print audit databases
  praudit       Tool to print audit trails

  Build and Installation

Please see the file INSTALL for build and installation instructions.

  Contributions

The TrustedBSD Project would appreciate the contribution of bug fixes,
enhancements, etc., under identical or substantially similar licenses to
those present on the remainder of the OpenBSM source code.  Please see the
file CREDITS to learn more about who has contributed to the project.

  Location

Information on OpenBSM may be found on the OpenBSM home page:

  http://www.OpenBSM.org/

Information on TrustedBSD may be found on the TrustedBSD home page:

  http://www.TrustedBSD.org/