OpenBSM: Remove $FreeSBD$ tags from the configuration files

In e61dc6cac4001f1abfc48ee27e4e623c2c044fa8 the configuration
files were taken off the vendor branch to help mergemaster
comparing them.

OpenBSM: Remove $FreeSBD$ tags from the configuration files

In e61dc6cac4001f1abfc48ee27e4e623c2c044fa8 the configuration
files were taken off the vendor branch to help mergemaster
comparing them.

Since mergemaster will be deprecated and $FreeBSD$ tags aren't
used anymore, remove them.

While here, sync audit_filter with upstream commit 5e6da76 (typo).

Reviewed by: imp
Approved by: imp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D44318

show more ...

MFH r289384-r293170

Sponsored by: The FreeBSD Foundation

MFH @r292599

This includes the pluggable TCP framework and other chnages to the
netstack to track for VNET stability.

Security: The FreeBSD Foundation

Merge OpenBSM 1.2 alpha 4.

MFC after: 2 weeks
Relnotes: yes

Merge fresh head.

IFC @247348.

Sync with HEAD.

IFC @r243836

Merge OpenBSM 1.2-alpha2 from vendor branch to FreeBSD 10-CURRENT; the
primary new feature is auditdistd.

Obtained from: TrustedBSD Project
Sponsored by: The FreeBSD Foundation (auditdistd)

Merge from head

Merge from HEAD

Merge OpenBSM 1.1 from OpenBSM vendor branch to head.

OpenBSM history for imported revision below for reference.

MFC after: 2 weeks
Sponsored by: Apple, Inc.
Obtained from: TrustedBSD Proje

Merge OpenBSM 1.1 from OpenBSM vendor branch to head.

OpenBSM history for imported revision below for reference.

MFC after: 2 weeks
Sponsored by: Apple, Inc.
Obtained from: TrustedBSD Project

OpenBSM 1.1

- Change auditon(2) parameters and data structures to be 32/64-bit architecture
independent. Add more information to man page about auditon(2) parameters.
- Add wrapper functions for auditon(2) to use legacy commands when the new
commands are not supported.
- Add default for 'expire-after' in audit_control to expire trail files when
the audit directory is more than 10 megabytes ('10M').
- Interface to convert between local and BSM fcntl(2) command values has been
added: au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with
definitions of constants in audit_fcntl.h.
- A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens
generated by audit_submit(3) were improperly encoded has been fixed.
- Fix example in audit_submit(3) man page. Also, make it clear that we want
the audit ID as the argument.
- A new audit event class 'aa', for post-login authentication and
authorization events, has been added.

show more ...

Update the projects tree to a newer FreeBSD current.

Merge OpenBSM 1.1 beta 1 from OpenBSM vendor branch to head, both
contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual
merge).

OpenBSM history for imported revision below for referen

Merge OpenBSM 1.1 beta 1 from OpenBSM vendor branch to head, both
contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual
merge).

OpenBSM history for imported revision below for reference.

MFC after: 1 month
Sponsored by: Apple, Inc.
Obtained from: TrustedBSD Project

OpenBSM 1.1 beta 1

- The filesz parameter in audit_control(5) now accepts suffixes: 'B' for
Bytes, 'K' for Kilobytes, 'M' for Megabytes, and 'G' for Gigabytes.
For legacy support no suffix defaults to bytes.
- Audit trail log expiration support added. It is configured in
audit_control(5) with the expire-after parameter. If there is no
expire-after parameter in audit_control(5), the default, then the audit
trail files are not expired and removed. See audit_control(5) for
more information.
- Change defaults in audit_control: warn at 5% rather than 20% free for audit
partitions, rotate automatically at 2mb, and set the default policy to
cnt,argv rather than cnt so that execve(2) arguments are captured if
AUE_EXECVE events are audited. These may provide more usable defaults for
many users.
- Use au_domain_to_bsm(3) and au_socket_type_to_bsm(3) to convert
au_to_socket_ex(3) arguments to BSM format.
- Fix error encoding AUT_IPC_PERM tokens.

show more ...

Resolve conflicts from OpenBSM 1.0 alpha 12 import.

Obtained from: TrustedBSD Project

Vendor import TrustedBSD OpenBSM 1.0 alpha 12, with the following change
history notes since the last import:

OpenBSM 1.0 alpha 12

- Correct bug in auditreduce which prevented the -c option from wo

Vendor import TrustedBSD OpenBSM 1.0 alpha 12, with the following change
history notes since the last import:

OpenBSM 1.0 alpha 12

- Correct bug in auditreduce which prevented the -c option from working
correctly when the user specifies to process successful or failed events.
The problem stemmed from not having access to the return token at the time
the initial preselection occurred, but now a second preselection process
occurs while processing the return token.
- getacfilesz(3) API added to read new audit_control(5) filesz setting,
which auditd(8) now sets the kernel audit trail rotation size to.
- auditreduce(1) now uses stdin if no file names are specified on the command
line; this was the documented behavior previously, but it was not
implemented. Be more specific in auditreduce(1)'s examples section about
what might be done with the output of auditreduce.
- Add audit_warn(5) closefile event so that administrators can hook
termination of an audit trail file. For example, this might be used to
compress the trail file after it is closed.
- auditreduce(1) now uses regular expressions for pathname matching. Users can
now supply one or more (comma delimited) regular expressions for searching
the pathnames. If one of the regular expressions is prefixed with a tilde
(~), and a path matches, it will be excluded from the search results.

MFC after: 3 days
Obtained from: TrustedBSD Project

show more ...

Resolve conflicts from OpenBSM 1.0 alpha 11 vendor import: we have locally
added $FreeBSD$ to /etc configuration files to assist mergemaster.

Vendor import of OpenBSM 1.0 alpha 11, with the following change history
notes since the last import:

OpenBSM 1.0 alpha 11

- Reclassify certain read/write operations as having no class rather than

Vendor import of OpenBSM 1.0 alpha 11, with the following change history
notes since the last import:

OpenBSM 1.0 alpha 11

- Reclassify certain read/write operations as having no class rather than the
fr/fw class; our default classes audit intent (open) not operations (read,
write).
- Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads
and writes of sysctls as separate events. Add additional kernel
environment and jail events for FreeBSD.
- Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER
(issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued
by the kernel audit implementation) so that they can be distinguished.
- Disable rate limiting of rotate requests; as the kernel doesn't retransmit
a dropped request, the log file will otherwise grow indefinitely if the
trigger is dropped.
- Improve auditd debugging output.
- Fix a number of threading related bugs in audit_control file reading
routines.
- Add APIs au_poltostr() and au_strtopol() to convert between text
representations of audit_control policy flags and the flags passed to
auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY).
- Add API getacpol() to return the 'policy:' entry from audit_control, an
extension to the Solaris file format to allow specification of policy
persistent flags.
- Update audump to print the audit_control policy field.
- Update auditd to read the audit_control policy field and set the kernel
policy to match it when configuring/reconfiguring. Remove the -s and -h
arguments as these policies are now set via the configuration file. If a
policy line is not found in the configuration file, continue with the
current default of setting AUDIT_CNT.
- Fix bugs in the parsing of large execve(2) arguments and environmental
variable tokens; increase maximum parsed argument and variable count.
- configure now detects strlcat(), used by policy-related functions.
- Reference token and record sample files added to test tree.

Obtained from: TrustedBSD Project

show more ...

Take contrib/openbsm/etc configuration files off the vendor branch in
order to add $FreeBSD$ tags, which helps mergemaster better manage
updating them.

Requested by: several
Obtained from: TrustedBS

Take contrib/openbsm/etc configuration files off the vendor branch in
order to add $FreeBSD$ tags, which helps mergemaster better manage
updating them.

Requested by: several
Obtained from: TrustedBSD Project

show more ...

Import OpenBSM 1.0 alpha 2, a minor update on alpha 1:

- Man page formatting improvements.
- A number of new audit event identifiers for FreeBSD, Linux, and POSIX.1b
events.
- Remove 'tfm' class,

Import OpenBSM 1.0 alpha 2, a minor update on alpha 1:

- Man page formatting improvements.
- A number of new audit event identifiers for FreeBSD, Linux, and POSIX.1b
events.
- Remove 'tfm' class, unused in OpenBSM.

Obtained from: TrustedBSD Project

show more ...

This commit was generated by cvs2svn to compensate for changes in r155290,
which included commits to RCS files with non-trunk default branches.

Initial vendor import of the TrustedBSD OpenBSM distribution, version
1.0 alpha 1, an implementation of the documented Sun Basic Security
Module (BSM) Audit API and file format, as well as local exte

Initial vendor import of the TrustedBSD OpenBSM distribution, version
1.0 alpha 1, an implementation of the documented Sun Basic Security
Module (BSM) Audit API and file format, as well as local extensions to
support the Mac OS X and FreeBSD operating systems. Also included are
command line tools for audit trail reduction and conversion to text,
as well as documentation of the commands, file format, and APIs. This
distribution is the foundation for the TrustedBSD Audit implementation,
and is a pre-release.

This is the first in a series of commits to introduce support for
Common Criteria CAPP security event audit support.

This software has been made possible through the generous
contributions of Apple Computer, Inc., SPARTA, Inc., as well as
members of the TrustedBSD Project, including Wayne Salamon <wsalamon>
and Tom Rhodes <trhodes>. The original OpenBSM implementation was
created by McAfee Research under contract to Apple Computer, Inc., as
part of their CC CAPP security evaluation.

Many thanks to: wsalamon, trhodes
Obtained from: TrustedBSD Project

show more ...

This commit was generated by cvs2svn to compensate for changes in r155131,
which included commits to RCS files with non-trunk default branches.

Merge from HEAD

Merge OpenBSM 1.1 from OpenBSM vendor branch to head.

OpenBSM history for imported revision below for reference.

MFC after: 2 weeks
Sponsored by: Apple, Inc.
Obtained from: TrustedBSD Proje

Merge OpenBSM 1.1 from OpenBSM vendor branch to head.

OpenBSM history for imported revision below for reference.

MFC after: 2 weeks
Sponsored by: Apple, Inc.
Obtained from: TrustedBSD Project

OpenBSM 1.1

- Change auditon(2) parameters and data structures to be 32/64-bit architecture
independent. Add more information to man page about auditon(2) parameters.
- Add wrapper functions for auditon(2) to use legacy commands when the new
commands are not supported.
- Add default for 'expire-after' in audit_control to expire trail files when
the audit directory is more than 10 megabytes ('10M').
- Interface to convert between local and BSM fcntl(2) command values has been
added: au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with
definitions of constants in audit_fcntl.h.
- A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens
generated by audit_submit(3) were improperly encoded has been fixed.
- Fix example in audit_submit(3) man page. Also, make it clear that we want
the audit ID as the argument.
- A new audit event class 'aa', for post-login authentication and
authorization events, has been added.

show more ...