head	1.4;
access;
symbols
	RELENG_8_4:1.4.0.2
	RELENG_9_1_0_RELEASE:1.3
	RELENG_9_1:1.3.0.16
	RELENG_9_1_BP:1.3
	RELENG_8_3_0_RELEASE:1.3
	RELENG_8_3:1.3.0.14
	RELENG_8_3_BP:1.3
	RELENG_9_0_0_RELEASE:1.3
	RELENG_9_0:1.3.0.12
	RELENG_9_0_BP:1.3
	RELENG_9:1.3.0.10
	RELENG_9_BP:1.3
	RELENG_8_2_0_RELEASE:1.3
	RELENG_8_2:1.3.0.8
	RELENG_8_2_BP:1.3
	RELENG_8_1_0_RELEASE:1.3
	RELENG_8_1:1.3.0.6
	RELENG_8_1_BP:1.3
	RELENG_8_0_0_RELEASE:1.3
	RELENG_8_0:1.3.0.4
	RELENG_8_0_BP:1.3
	RELENG_8:1.3.0.2
	RELENG_8_BP:1.3;
locks; strict;
comment	@# @;


1.4
date	2012.12.01.12.01.17;	author svnexp;	state Exp;
branches
	1.4.2.1;
next	1.3;

1.3
date	2009.04.19.16.17.13;	author rwatson;	state Exp;
branches
	1.3.10.1;
next	1.2;

1.2
date	2009.03.02.13.29.18;	author rwatson;	state Exp;
branches;
next	1.1;

1.1
date	2008.12.02.23.26.43;	author rwatson;	state Exp;
branches;
next	;

1.4.2.1
date	2012.12.01.12.01.17;	author svnexp;	state dead;
branches;
next	1.4.2.2;

1.4.2.2
date	2013.03.28.13.01.52;	author svnexp;	state Exp;
branches;
next	;

1.3.10.1
date	2012.12.18.09.35.26;	author svnexp;	state Exp;
branches;
next	;


desc
@@


1.4
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/243750
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@OpenBSM Credits

The following organizations and individuals have contributed substantially to
the development of OpenBSM:

    Apple Inc.
    McAfee Research, McAfee, Inc.
    SPARTA, Inc.
    Robert Watson
    Wayne Salamon
    Suresh Krishnaswamy
    Kevin Van Vechten
    Tom Rhodes
    Wojciech Koszek
    Chunyang Yuan
    Poul-Henning Kamp
    Christian Brueffer
    Olivier Houchard
    Christian Peron
    Martin Fong
    Pawel Worach
    Martin Englund
    Ruslan Ermilov
    Martin Voros
    Diego Giagio
    Alex Samorukov
    Eric Hall
    Xin LI
    Stacey Son
    Todd Heberlein
    Gary Hoo
    Dave Bertouille
    Jonathan Anderson
    Pawel Jakub Dawidek
    Joel Dahl
    Ryan Steinmetz
    The FreeBSD Foundation

In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
Software's FlexeLint tool were used to identify a number of bugs in the
OpenBSM implementation.
@


1.4.2.1
log
@file CREDITS was added on branch RELENG_8_4 on 2013-03-28 13:01:52 +0000
@
text
@d1 41
@


1.4.2.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 35
OpenBSM Credits

The following organizations and individuals have contributed substantially to
the development of OpenBSM:

    Apple Inc.
    McAfee Research, McAfee, Inc.
    SPARTA, Inc.
    Robert Watson
    Wayne Salamon
    Suresh Krishnaswamy
    Kevin Van Vechten
    Tom Rhodes
    Wojciech Koszek
    Chunyang Yuan
    Poul-Henning Kamp
    Christian Brueffer
    Olivier Houchard
    Christian Peron
    Martin Fong
    Pawel Worach
    Martin Englund
    Ruslan Ermilov
    Martin Voros
    Diego Giagio
    Alex Samorukov
    Eric Hall
    Xin LI
    Stacey Son
    Todd Heberlein
    Gary Hoo

In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
Software's FlexeLint tool were used to identify a number of bugs in the
OpenBSM implementation.
@


1.3
log
@SVN rev 191273 on 2009-04-19 16:17:13Z by rwatson

Merge OpenBSM 1.1 from OpenBSM vendor branch to head.

OpenBSM history for imported revision below for reference.

MFC after:      2 weeks
Sponsored by:   Apple, Inc.
Obtained from:  TrustedBSD Project

OpenBSM 1.1

- Change auditon(2) parameters and data structures to be 32/64-bit architecture
  independent.  Add more information to man page about auditon(2) parameters.
- Add wrapper functions for auditon(2) to use legacy commands when the new
  commands are not supported.
- Add default for 'expire-after' in audit_control to expire trail files when
  the audit directory is more than 10 megabytes ('10M').
- Interface to convert between local and BSM fcntl(2) command values has been
  added:  au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with
  definitions of constants in audit_fcntl.h.
- A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens
  generated by audit_submit(3) were improperly encoded has been fixed.
- Fix example in audit_submit(3) man page.  Also, make it clear that we want
  the audit ID as the argument.
- A new audit event class 'aa', for post-login authentication and
  authorization events, has been added.
@
text
@d32 6
@


1.3.10.1
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/244390
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r244390 | rwatson | 2012-12-18 09:32:44 +0000 (Tue, 18 Dec 2012) | 39 lines
## SVN ##
## SVN ## Merge OpenBSM 1.2-alpha3 from head to stable/9, upgrading from the previous
## SVN ## OpenBSM 1.1p2:
## SVN ##
## SVN ## OpenBSM 1.2 alpha 3
## SVN ##
## SVN ## - Various minor tweaks to the auditdistd build to make it fit the FreeBSD
## SVN ##   build environment better.
## SVN ## - AUE_WAIT6 merged from FreeBSD 9.
## SVN ##
## SVN ## OpenBSM 1.2 alpha 2
## SVN ##
## SVN ## - auditdistd, a distributed audit trail management daemon, has now been
## SVN ##   merged.  This allows trail files to be securely and reliably synced from
## SVN ##   audited hosts to an audit server, and employs TLS encryption.  Where
## SVN ##   available, it uses Capsicum to sandbox the service.  This work was
## SVN ##   contributed by Pawel Jakub Dawidek under sponsorship from the FreeBSD
## SVN ##   Foundation.
## SVN ##
## SVN ## OpenBSM 1.2 alpha 1
## SVN ##
## SVN ## - Add Capsicum-related error numbers for FreeBSD: ENOTCAPABLE, ECAPMODE.
## SVN ## - Add Capsicum, process descriptor audit events for FreeBSD.
## SVN ## - Allow 0% minspace.
## SVN ## - Fixes from the clang static analyser.
## SVN ## - Fix expiration of trail files when the host parameter is used.
## SVN ## - Various typo fixes.
## SVN ## - Support for Solaris privilege and privilege set tokens.
## SVN ## - Documentation for getachost(), improvements for getacfilesz().
## SVN ## - Fix a directory descriptor leak that happened when audit trail partitions
## SVN ##   filled.
## SVN ## - Support for more Linux distributions with a partial contemporary endian.h.
## SVN ## - Improved escaping of XML-encapsulated BSM.
## SVN ## - A variety of minor documentation, style, and functional.
## SVN ##
## SVN ## A separate commit will merge build changes to enable auditdistd, etc.
## SVN ##
## SVN ## Obtained from:	TrustedBSD Project
## SVN ## Sponsored by:	The FreeBSD Foundation (auditdistd)
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@a31 6
    Dave Bertouille
    Jonathan Anderson
    Pawel Jakub Dawidek
    Joel Dahl
    Ryan Steinmetz
    The FreeBSD Foundation
@


1.2
log
@SVN rev 189279 on 2009-03-02 13:29:18Z by rwatson

Merge OpenBSM 1.1 beta 1 from OpenBSM vendor branch to head, both
contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual
merge).

OpenBSM history for imported revision below for reference.

MFC after:      1 month
Sponsored by:   Apple, Inc.
Obtained from:  TrustedBSD Project

OpenBSM 1.1 beta 1

- The filesz parameter in audit_control(5) now accepts suffixes: 'B' for
  Bytes, 'K' for Kilobytes, 'M' for Megabytes, and 'G' for Gigabytes.
  For legacy support no suffix defaults to bytes.
- Audit trail log expiration support added.  It is configured in
  audit_control(5) with the expire-after parameter.  If there is no
  expire-after parameter in audit_control(5), the default, then the audit
  trail files are not expired and removed.  See audit_control(5) for
  more information.
- Change defaults in audit_control: warn at 5% rather than 20% free for audit
  partitions, rotate automatically at 2mb, and set the default policy to
  cnt,argv rather than cnt so that execve(2) arguments are captured if
  AUE_EXECVE events are audited.  These may provide more usable defaults for
  many users.
- Use au_domain_to_bsm(3) and au_socket_type_to_bsm(3) to convert
  au_to_socket_ex(3) arguments to BSM format.
- Fix error encoding AUT_IPC_PERM tokens.
@
text
@d31 1
@


1.1
log
@SVN rev 185573 on 2008-12-02 23:26:43Z by rwatson

Merge OpenBSM 1.1 alpha 2 from the OpenBSM vendor branch to head, both
contrib/openbsm (svn merge) and sys/{bsm,security/audit} (manual merge).

- Add OpenBSM contrib tree to include paths for audit(8) and auditd(8).
- Merge support for new tokens, fixes to existing token generation to
  audit_bsm_token.c.
- Synchronize bsm includes and definitions.

OpenBSM history for imported revisions below for reference.

MFC after:      1 month
Sponsored by:   Apple Inc.
Obtained from:  TrustedBSD Project

--

OpenBSM 1.1 alpha 2

- Include files in OpenBSM are now broken out into two parts: library builds
  required solely for user space, and system includes, which may also be
  required for use in the kernels of systems integrating OpenBSM.  Submitted
  by Stacey Son.
- Configure option --with-native-includes allows forcing the use of native
  include for system includes, rather than the versions bundled with OpenBSM.
  This is intended specifically for platforms that ship OpenBSM, have adapted
  versions of the system includes in a kernel source tree, and will use the
  OpenBSM build infrastructure with an unmodified OpenBSM distribution,
  allowing the customized system includes to be used with the OpenBSM build.
  Submitted by Stacey Son.
- Various strcpy()'s/strcat()'s have been changed to strlcpy()'s/strlcat()'s
  or asprintf().  Added compat/strlcpy.h for Linux.
- Remove compatibility defines for old Darwin token constant names; now only
  BSM token names are provided and used.
- Add support for extended header tokens, which contain space for information
  on the host generating the record.
- Add support for setting extended host information in the kernel, which is
  used for setting host information in extended header tokens.  The
  audit_control file now supports a "host" parameter which can be used by
  auditd to set the information; if not present, the kernel parameters won't
  be set and auditd uses unextended headers for records that it generates.

OpenBSM 1.1 alpha 1

- Add option to auditreduce(1) which allows users to invert sense of
  matching, such that BSM records that do not match, are selected.
- Fix bug in audit_write() where we commit an incomplete record in the
  event there is an error writing the subject token.  This was submitted
  by Diego Giagio.
- Build support for Mac OS X 10.5.1 submitted by Eric Hall.
- Fix a bug which resulted in host XML attributes not being arguments so
  that const strings can be passed as arguments to tokens.  This patch was
  submitted by Xin LI.
- Modify the -m option so users can select more then one audit event.
- For Mac OS X, added Mach IPC support for audit trigger messages.
- Fixed a bug in getacna() which resulted in a locking problem on Mac OS X.
- Added LOG_PERROR flag to openlog when -d option is used with auditd.
- AUE events added for Mac OS X Leopard system calls.
@
text
@d30 1
@

