OpenBSM 1.0 alpha 12 released
Robert Watson
rwatson at FreeBSD.org
Mon Sep 25 02:43:12 PDT 2006
OpenBSM 1.0 alpha 12 is now up the web site, and will be the second release
after incorporated into the FreeBSD 6-STABLE tree. It incorporates a number
of bug fixes and enhancements resulting from use by 6-STABLE users. The
download can be found at:
http://www.TrustedBSD.org/openbsm.html
Change notes from OpenBSM 1.0 alpha 11 below. I'll be incorporating this drop
into FreeBSD 7-CURRENT today, and 6-STABLE a few days later for inclusion in
6.2-BETA2 (skipping alpha 11, since this supercedes it).
Robert N M Watson
Computer Laboratory
University of Cambridge
OpenBSM 1.0 alpha 12
- Correct bug in auditreduce which prevented the -c option from working
correctly when the user specifies to process successful or failed events.
The problem stemmed from not having access to the return token at the time
the initial preselection occurred, but now a second preselection process
occurs while processing the return token.
- getacfilesz(3) API added to read new audit_control(5) filesz setting,
which auditd(8) now sets the kernel audit trail rotation size to.
- auditreduce(1) now uses stdin if no file names are specified on the command
line; this was the documented behavior previously, but it was not
implemented. Be more specific in auditreduce(1)'s examples section about
what might be done with the output of auditreduce.
- Add audit_warn(5) closefile event so that administrators can hook
termination of an audit trail file. For example, this might be used to
compress the trail file after it is closed.
- auditreduce(1) now uses regular expressions for pathname matching. Users can
now supply one or more (comma delimited) regular expressions for searching
the pathnames. If one of the regular expressions is prefixed with a tilde
(~), and a path matches, it will be excluded from the search results.
More information about the trustedbsd-audit
mailing list