OpenBSM

Introduction

OpenBSM is an open-source implementation of Sun's BSM event auditing file
format and API. Originally created for Apple Computer by McAfee Research,
OpenBSM is now maintained by volunteers and through the generous contributions
of several organizations.

OpenBSM includes several command line tools, including auditreduce(8) and
praudit(8) for reducing and printing audit trails, as well as the libbsm(3)
library to manage configuration files, generate audit records, and parse and
print audit trails. It also includes the auditd(8) audit configuration
daemon, and the auditdistd(8) audit-trail distribution daemon.

Coupled with a kernel audit implementation, OpenBSM can be used to maintain
system audit streams, and is a foundation for a full audit-enabled system.
Portions of OpenBSM, including include files and token-building routines, are
reusable in a kernel audit implementation, and may be found in the FreeBSD
and Mac OS X kernels.

Contents

OpenBSM consists of several directories:

  bin/          Audit-related command line tools and daemons
  bsm/          Library header files for BSM
  compat/       Compatibility code to build on various operating systems
  etc/          Sample /etc/security configuration files
  libauditd/    Common audit management functions for auditd and launchd
  libbsm/       Implementation of BSM library interfaces and man pages
  man/          System call and configuration file man pages
  modules/      Directory for auditfilterd module source
  sys/          System header files for BSM
  test/         Test token sets and generation program
  tools/        Tool directory, including audump to dump databases

The following programs are included with OpenBSM:

  audit         Command line audit control tool
  auditd        Audit management daemon
  auditdistd    Audit trail distribution daemon
  auditfilterd  Experimental event monitoring framework
  auditreduce   Audit trail reduction tool
  audump        Debugging tool to parse and print audit databases
  praudit       Tool to print audit trails

Build and Installation

Please see the file INSTALL for build and installation instructions.

Contributions

The TrustedBSD Project would appreciate the contribution of bug fixes,
enhancements, etc, under the same license found in the top-level LICENSE file.
Please see the file CREDITS to learn more about who has contributed to the
project.

Location

Information on OpenBSM may be found on the OpenBSM home page:

  http://www.OpenBSM.org/

Information on TrustedBSD may be found on the TrustedBSD home page:

  http://www.TrustedBSD.org/