Audit handbook chapter review, call for general testing
Robert Watson
rwatson at FreeBSD.org
Mon Oct 2 03:38:56 PDT 2006
Dear All,

Over the past week or so, I have spent some time updating Tom Rhodes'
excellent FreeBSD Handbook chapter on Audit for some of the more recent audit
changes, such as new features in more recent OpenBSM versions. Since FreeBSD
6.2-BETA2 contains what is likely the final drop of the audit code (modulo any
bug fixes) for 6.2-RELEASE, now would be a great time for people interested in
Audit to read the handbook chapter and give Audit a try.

And then, of course, send feedback to the TrustedBSD audit mailing list with
all the bugs and problems you find :-). This will give us time to shake out
these bugs, further enhance the documentation, etc, before BETA3 in a week or
so, and ideally chase out any remaining significant bugs over the next month
before the release.

You can find the handbook chapter here:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html

The man pages installed as part of recent RELENG_6 and 6.2-BETA2 are also
pretty complete, and include more detailed reference information. The
audit(4) man page has a good set of cross-references to various commands
(audit(8), auditd(8), praudit(8), auditreduce(8)), as well as the audit
configuration files (audit_control(5), audit_user(5), etc).

Remember that audit support in 6.2-RELEASE will be considered experimental,
and has a number of known limitations (such as not fully auditing all
non-native FreeBSD system call interfaces, and not auditing all userland
administrative events of interest), but it should be useful and usable enough
to run on many production systems and contribute to system security.

Thanks,

Robert N M Watson
Computer Laboratory
University of Cambridge