The Trail Grows Cold Mac OS
Welcome to The Trail: Frontier Challenge! Join pioneers from across land and sea in an epic journey across an undiscovered country! Walk down the single track path of destiny at a calm and measured pace!
OpenBSM: Open Source Basic Security Module (BSM) Audit Implementation
GitHub:https://github.com/openbsm/openbsm
- Now the trail is cold on support but Tiger 10.4.11 is much superior to Panther 10.3.9. A totally better experience. The advantage of an upgrade if you have other retail application installers, is the totally clean install gives you a chance to secure erase and overwrite one-pass zeros on the hard disk drive, and reformat it.
- Operating System: Windows® XP/Vista/7/8/10. Mac OS X: 10.5.8 Leopard/10.6.6 Snow Leopard/10.7 Lion/10.8 Mountain Lion/10.9 Mavericks/10.10 Yosemite or higher. NOTE: Will not run on Mojave, Catalina, Big Sur, or higher Mac operating systems Windows Minimum System Requirements. 1 GHz or greater Pentium or equivalent class CPU; 256 MB of RAM.
- Unlimited usage. Instant activation. Full admin access. 24/7 remote hands support. Genuine, dedicated Apple Mac mini servers. For developers, remote testing, and more.
OpenBSM is a portable, open source implementation of Sun's Basic Security Module (BSM) security audit API and file format. BSM, the de facto industry standard for audit, describes a set of system call and library interfaces for managing audit records, as well as a token stream file format that permits extensible and generalized audit trail processing. Records may describe both kernel events, such as system calls, as well as application events, such as login, password changes, etc.
OpenBSM extends the BSM API and file format in a number of ways to support features present in the Mac OS X and FreeBSD operating systems, such as Mach task interfaces, sendfile(), and Linux system calls present in the FreeBSD Linux emulation layer, as well as focusing on portability through an endian-independent version of the trail format.
The OpenBSM distribution provides system include files, the libbsm library, command-line tools such as praudit and auditreduce, sample /etc configuration files, an audit daemon for use on systems with kernel support, and an audit trail distribution daemon to allow trails to be securely submitted by end hosts to a central audit trail server (to appear in OpenBSM 1.2). It is appropriate for use stand-alone in processing trails generated by BSM-enabled systems, as well as for use as the foundation of OS audit implementations requiring libraries, command-line tools, etc.
OpenBSM is built and tested on several versions of FreeBSD, Mac OS X, and Linux; some components, such as the audit daemon, require kernel audit support (present in FreeBSD and Mac OS X, and in fact derived from OpenBSM), but the basic library and audit trail tools run on all three platforms regardless of OS kernel support. Written in portable C and built using autoconf/automake, it is easy to adapt OpenBSM for use on new platforms.
History and Vendors
OpenBSM is derived from the BSM audit implementation found in Apple's open source Darwin operating system, generously released by Apple under a BSD license. The Darwin BSM implementation was created by McAfee Research under contract to Apple Computer, and has since been maintained and extended by the volunteer TrustedBSD team. The FreeBSD Foundation sponsored the development of auditdistd, a distributed audit trail daemon.
OpenBSM is the core user space component of the TrustedBSD Audit Implementation for FreeBSD, providing tools, libraries, and include files. OpenBSM ships with FreeBSD 6.2 and later, with the first full release of OpenBSM (1.0) in FreeBSD 6.3 and FreeBSD 7.0.
BSMtrace is an independently distributed BSM-based host intrusion detection system that relies on OpenBSM audit trails.
Mailing List
Discussion of the TrustedBSD Audit implementation, as well as the OpenBSM package, takes place on the trustedbsd-audit mailing list.
Releases
OpenBSM source code is available for download via occasional snapshot and release tarballs, vendor integrated source code (such as the FreeBSD source tree), and the OpenBSM GitHub repository. The current release is OpenBSM 1.1p2, released on 2 August, 2009. Please see the file README present in the OpenBSM distribution for build and installation instructions.
Version | Download | Size | Date | Description |
1.1p2 | openbsm-1.1-p2.tgz | 560K | 2009-08-02 | OpenBSM 1.1p2 is a minor patch release of the OpenBSM code base. There are no significant changes from OpenBSM 1.1p1, but there are several bug fixes relating to /etc/security/audit_event entries for the openat(2) system call, build fixes for Linux, and the printing of class masks by the audump tool. |
1.1p1 | openbsm-1.1-p1.tgz | 560K | 2009-07-17 | OpenBSM 1.1p1 is a minor patch release of the OpenBSM code base. There are no significant changes from OpenBSM 1.1, but there are a number of bug fixes in token parsing and generation, and tolerance for whitespace variation in OpenBSM configuration files is improved. |
1.1 | openbsm-1.1.tgz | 560K | 2009-04-16 | OpenBSM 1.1 is the second production release of the OpenBSM code base. Major changes since OpenBSM 1.0 include:
Since the last test release, OpenBSM 1.1 beta 1, 32/64-bit compatibility has been fixed for the auditon(2) system call. A default 'expire-after' of 10MB is now set in audit_control(5). Local fcntl(2) arguments are now mapped to wire BSM versions using new APIs. The audit_submit(3) man page has been fixed. A new audit event class has been added for post-login authentication and access control events. |
1.0 | openbsm-1.0.tgz | 496K | 2007-10-28 | OpenBSM 1.0 is the first production release of the OpenBSM code base. Since the last test release, OpenBSM 1.0 alpha 15, a bug leading to a crash in auditreduce(8) has been resolved, and all AU_ constants have been removed. The versions of autoconf and automake used to build OpenBSM have been updated. |
Current Development Snapshot
Development snapshots reflect work-in-progress snapshots of the OpenBSM development branch on GitHub. They are appropriate for use in production systems, but consumers of these snapshots should be aware that APIs, file formats, and tools are under active development, and may change at any time. Please see the file README present in the OpenBSM distribution for build and installation instructions.
Version | Download | Size | Date | Description |
1.2 alpha5 | openbsm-1.2-alpha5.tgz | 648K | 2016-12-04 | SHA256: 4c615e92c445bbdd345119708ba5c6a7385cc4f8e2ea90c661dfddaf7e17f81a OpenBSM 1.2-alpha5 is the fifth test release of the OpenBSM 1.2 release stream. In this revision several new features were added, among them: support for setting the kernel's maximum audit queue length; the ability to push a mapping between audit event names and event numbers into a kernel supporting this feature; sandboxing support for auditreduce(1) and praudit(1) on systems supporting Capsicum; and the ability to leave the flags and naflags parameters empty. Additionally, event definitions for several FreeBSD subsystems were added. |
Historical Development Snapshots
This is an archive of past OpenBSM test snapshots; use of these versions is not recommended. These snapshots are from the development of OpenBSM 1.1:
Version | Download | Size | Date | Description |
1.2 alpha4 | openbsm-1.2-alpha4.tgz | 683K | 2015-11-02 | SHA256: 35b0370d19a742a387f10aaae187a38abee536d8a7b57c0e9d997d3ceaf02429 OpenBSM 1.2-alpha4 is the fourth test release of the OpenBSM 1.2 release stream. In this revision, a number of bugs have been fixed in auditdistd. A bug in praudit has been fixes that caused it to emit invalid XML output. Manpage links, broken since the switch to autotools, are installed once again. Additionally, event definitions were updated, and the documentation has been improved. |
1.2 alpha3 | openbsm-1.2-alpha3.tgz | 736K | 2012-12-15 | In this revision, a number of (largely minor) refinements are made to auditdistd; perhaps most importantly, header files and build elements are cleaned up to support better integration into the FreeBSD 10-CURRENT source tree. |
1.2 alpha2 | openbsm-1.2-alpha2.tgz | 736K | 2012-11-23 | In this revision, OpenBSM grows a new daemon, auditdistd, which provides secure audit trail distribution over the network. Implemented by Pawel Jakub Dawidek and sponsored by the FreeBSD Foundation, auditdistd provides a client to run on hosts generating audit trails, and a server to run on a central secure audit host. auditdistd uses TLS to encrypt trails on the wire, and does it append-only, so that audit trails leading up to a compromise on the client are tamper-proof on the client. This feature is considered experimental. |
1.2 alpha1 | openbsm-1.2-alpha1.tgz | 640K | 2012-07-22 | In this revision, OpenBSM grows support for Capsicum system calls and events, has various fixes to address warnings from the Clang static analyser, fixes trail expiration when the host parameter is used, adds support for privilege tokens, fixes a directory descriptor leak that arose in low disk space conditions, added build support for more recent Linux versions, fixed bugs in XML rendering of BSM, and improved the documentation. |
1.1 beta 1 | openbsm-1.1-beta1.tgz | 544K | 2009-02-24 | In this revision, OpenBSM's auditd(8) grows support for audit trail expiration based on age and trail size, various defaults in audit_control(5) are modernized (such as smaller percent free default, and enabling execve(2) argument auditing by default), socket types and domains are converted to BSM format when written out, and bugs are fixed in IPC permission token encoding. |
1.1 alpha 5 | openbsm-1.1-alpha5.tgz | 544K | 2009-01-11 | In this revision, OpenBSM is modified to map local protocol family constants and socket types to wire versions, as the specific constant values vary by OS; a stub libauditd(3) man page is added, errno constants are renamed, full error string text is not compiled into kernels when OpenBSM code is used there, warnings are fixed on many platforms, and the launchd label for audit is changed on Mac OS X. |
1.1 alpha 4 | openbsm-1.1-alpha4.tgz | 544K | 2008-12-19 | In this revision, most functional components of auditd(8) are moved to a new libauditd(3), so that they can be shared by auditd(8) on FreeBSD and launchd(8) on Mac OS X. In addition, audit_submit(3) is taught to accept local errno values (as it did before the additional of a BSM error number space), further cleanup of the user audit event ID space is performed in order to avoid collisions with other systems, au_strerror(3) is added to allow printing of error numbers without converting to local numbers (which may lose fidelity), and audit crash recovery is improved as auditd now maintains a current trail link and cleans up if it discovers auditd failed during the last rotation. In Mac OS X, ASL(3) is used instead of syslog(3) for system logging. |
1.1 alpha 3 | openbsm-1.1-alpha3.tgz | 512K | 2008-12-07 | In this revision, OpenBSM maps between local and wire values for the errno error space, bugs are fixed in the encoding of execve arguments and environmental variables, support for the portable AUT_SOCKET_EX token type is added, and the BSM header version is bumped to give OpenBSM 1.1 its own file format version due to non-trivial changes in tokens. |
1.1 alpha 2 | openbsm-1.1-alpha2.tgz | 512K | 2008-11-11 | In this revision, BSM include files required by OS vendors for use in kernels are broken out into a separate include directory, a configure option is added to force use of native rather than OpenBSM sys includes if desired, strlcpy() and strlcat() are used in preference to less robust APIs, compatibility defines for old Darwin event identifiers are removed, support for exended header tokens (containing host information) is added to the BSM library and auditd(8), and can be set in audit_control(5). |
1.1 alpha 1 | openbsm-1.1-alpha1.tgz | 496K | 2008-07-31 | In this revision, support for Mac OS X 10.5 is introduced, including new events specific to Leopard, and support for the Mach IPC audit trigger method. auditreduce(1) grows an invert flag, and allows selecting of more than one event. A number of bugs are fixed, including in XML trail conversion, BSM record writing, and audit_control file access. |
The Trail Grows Cold Mac Os Catalina
These snapshots are from the development of OpenBSM 1.0:
The Trail Grows Cold Mac Os 11
Version | Download | Size | Date | Description |
1.0 alpha 15 | openbsm-1.0-alpha15.tgz | 480K | 2007-07-16 | Bugs fixed in the handling of IPv6 addresses, auditreduce, and additional audit event identifiers added for new system calls. |
1.0 alpha 14 | openbsm-1.0-alpha14.tgz | 480K | 2007-04-16 | Support for the zonename token type added, a variety of endian-related bugs in IPv6 addresses fixed, OpenBSM becomes warning clean for gcc1, and various man page updated. |
1.0 alpha 13 | openbsm-1.0-alpha13.tgz | 480K | 2006-11-25 | Man page documentation substantially imrpved, XML printing support added to praudit(8), and support for more 64-bit token types. |
1.0 alpha 12 | openbsm-1.0-alpha12.tgz | 480K | 2006-09-24 | audit_control(5) filesz configuration added in order to support automated rotation of audit trails based on file size, regular expression matching for paths added to auditreduce, an audit_warn event is generated on rotation, and a number of other bugs fixed and documentation improved. |
1.0 alpha 11 | openbsm-1.0-alpha11.tgz | 480K | 2006-09-20 | audit_control(5) control of audit policy is introduced, and and significant number of bugs relating to execve(2) argument auditing and trail rotation are fixed. |
1.0 alpha 10 | openbsm-1.0-alpha10.tgz | 464K | 2006-09-02 | auditd(8) now submits complete audit records, including full return information, as part of its operation. |
1.0 alpha 9 | openbsm-1.0-alpha9.tgz | 464K | 2006-08-26 | Many BSM_/bsm_ constants are renamed to AUDIT_/audit_, the audit filter module API has been refined, and a number of bugs have been fixed.. |
1.0 alpha 8 | openbsm-1.0-alpha8.tgz | 464K | 2006-08-16 | Non-Solaris audit events have been renumbered to avoid future collisions, and a unique OpenBSM header token version number has been adopted. A variety of other bugs have been fixed, and cleanups made. |
1.0 alpha 7 | openbsm-1.0-alpha7.tgz | 464K | 2006-06-27 | Improvements in the creation of subject tokens and in code portability. |
1.0 alpha 6 | openbsm-1.0-alpha6.tgz | 464K | 2006-06-02 | An experimental audit filter API is introduced, APIs for application-submitted audit records are improved, and bugs are fixed. |
1.0 alpha 5 | openbsm-1.0-alpha5.tgz | 432K | 2006-03-04 | OpenBSM now uses autoconf/automake, allowing it to build on Mac OS X and Linux. |
1.0 alpha 4 | openbsm-1.0-alpha4.tgz | 86K | 2006-02-23 | This is the first version of OpenBSM and incorporates the OpenBSM code as present on FreeBSD CVS at this date. |