README revision 168777
OpenBSM 1.0

  Introduction

OpenBSM provides an open source implementation of Sun's BSM Audit API.
Originally created under contract to Apple Computer by McAfee Research, this
implementation is now maintained by volunteers and the generous contributions
of several organizations.  Coupled with a kernel audit implementation,
OpenBSM can be used to maintain system audit streams, and is a foundation for
an Audit-enabled system.  Portions of OpenBSM, including include files and
token-building routines, are reusable in a kernel audit implementation, and
may be found in the FreeBSD and Mac OS X kernels.

  Contents

OpenBSM consists of several directories:

    bin/       Audit-related command line tools
    bsm/       System include files for BSM
    compat/    Compatibility code to build on various OS's
    etc/       Sample /etc/security configuration files
    libbsm/    Implementation of BSM library interfaces and man pages
    man/       System call and configuration file man pages
    modules/   Directory for auditfilterd module source
    test/      Test token sets and generation program
    tools/     Tool directory, including audump to dump databases

The following programs are included with OpenBSM:

    audit          Command line audit control tool
    auditd         Audit management daemon
    auditfilterd   Experimental event monitoring framework
    auditreduce    Audit trail reduction tool
    audump         Debugging tool to parse and print audit databases
    praudit        Tool to print audit trails

  Building

OpenBSM is currently built using autoconf and automake, which should allow
for building on a range of operating systems, including FreeBSD, Mac OS X,
and Linux.  Depending on the availability of audit facilities in the
underlying operating system, some components that depend on kernel audit
support are built conditionally.  Typically, the build is performed using:

    ./configure
    make

To install, use:

    make install

You may wish to specify that the OpenBSM components not be installed in the
base system, but rather in a specific directory.  This may be done using the
--prefix argument to configure.  If installing to a specific directory,
remember to update your library path so that when running tools from that
directory the correct libbsm is used:

    ./configure --prefix=/home/rwatson/openbsm
    make
    make install
    LD_LIBRARY_PATH=/home/rwatson/openbsm/libbsm ; export LD_LIBRARY_PATH

You will need to manually propagate openbsm/etc/* into /etc on your system;
this is not done automatically so as to avoid disrupting the current
configuration.  Currently, the location of these files is not configurable.

  Credits

The following organizations and individuals have contributed substantially to
the development of OpenBSM:

    Apple Computer, Inc.
    McAfee Research, McAfee, Inc.
    SPARTA, Inc.
    Robert Watson
    Wayne Salamon
    Suresh Krishnaswamy
    Kevin Van Vechten
    Tom Rhodes
    Wojciech Koszek
    Chunyang Yuan
    Poul-Henning Kamp
    Christian Brueffer
    Olivier Houchard
    Christian Peron
    Martin Fong
    Pawel Worach
    Martin Englund
    Ruslan Ermilov
    Martin Voros
    Diego Giagio

In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
Software's FlexeLint tool were used to identify a number of bugs in the
OpenBSM implementation.

  Contributions

The TrustedBSD Project would appreciate the contribution of bug fixes,
enhancements, etc, under identical or substantially similar licenses to
those present on the remainder of the OpenBSM source code.

  Location

Information on OpenBSM may be found on the OpenBSM home page:

    http://www.OpenBSM.org/

Information on TrustedBSD may be found on the TrustedBSD home page:

    http://www.TrustedBSD.org/

$P4: //depot/projects/trustedbsd/openbsm/README#23 $
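
The manual propagation step described under Building, as an added example
that is not part of the OpenBSM distribution: a shell function that installs
sample configuration files only where none exists and leaves any existing,
locally modified file in place.  The function name propagate_etc and its two
directory arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not part of OpenBSM): propagate sample configuration files
# from the source tree's etc/ directory without disturbing existing ones.
#
# propagate_etc SRC_DIR DEST_DIR   (both paths are supplied by the caller)
# Return status: 0 = nothing to review, 1 = at least one existing file
# differs from its sample and was left alone, 2 = bad arguments or copy error.
propagate_etc() {
    src=$1
    dst=$2
    differs=0
    if [ ! -d "$src" ] || [ ! -d "$dst" ]; then
        echo "usage: propagate_etc SRC_DIR DEST_DIR" >&2
        return 2
    fi
    for f in "$src"/*; do
        [ -f "$f" ] || continue              # skip subdirectories / empty glob
        name=${f##*/}
        target=$dst/$name
        if [ -L "$target" ]; then
            # Never write through a symlink in a system directory.
            echo "skipped   $name (destination is a symlink)"
            differs=1
        elif [ ! -e "$target" ]; then
            # No existing file: install the sample, keeping its mode.
            cp -p "$f" "$target" || return 2
            echo "installed $name"
        elif cmp -s "$f" "$target"; then
            echo "unchanged $name"
        else
            # Local configuration wins; the administrator merges by hand.
            echo "kept      $name (differs from sample)"
            differs=1
        fi
    done
    return "$differs"
}

# Run directly as: sh propagate_etc.sh openbsm/etc /etc
if [ "$#" -eq 2 ]; then
    propagate_etc "$1" "$2"
fi
```

Files reported as "kept" need a manual merge, and the ownership and mode of
newly installed files should be reviewed before the audit daemon is started.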