Robert Watson has announced the release of OpenBSM 1.1, the second production release of OpenBSM.
Major changes since OpenBSM 1.0:
- Trail files now include the host where the trail is generated. Crash recovery has been improved. Trail expiration based on size and date is now supported; by default, trail files will be expired after 10MB of trails. The default individual trail limit is now 2MB.
- Mac OS X Snow Leopard is now a fully supported platform; launchd(8) can now be used to launch auditd(8). Command line tools and libraries are now supported on Mac OS X Leopard.
- Extended header tokens are now supported, allowing audit trails to be tagged with a host identifier. IPv6 addresses are now supported in subject tokens.
- BSM token and record types have been further synchronized to OpenSolaris; support for many new system calls has been added. Local errors and socket types are mapped to and from BSM values.
The following changes have been made since the last snapshot release, OpenBSM 1.1 beta 1:
- Change auditon(2) parameters and data structures to be 32/64-bit architecture independent. Add more information to man page about auditon(2) parameters.
- Add wrapper functions for auditon(2) to use legacy commands when the new commands are not supported.
- Add default for ‘expire-after’ in audit_control to expire trail files when the audit directory is more than 10 megabytes (‘10M’).
- Interface to convert between local and BSM fcntl(2) command values has been added: au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with definitions of constants in audit_fcntl.h.
- A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens generated by audit_submit(3) were improperly encoded has been fixed.
- Fix example in audit_submit(3) man page.
- A new audit event class ‘aa’, for post-login authentication and authorization events, has been added.
OpenBSM releases and snapshots are available from the OpenBSM project web page.