head	1.1;
branch	1.1.1;
access;
symbols
	RELENG_8_4:1.1.1.1.0.32
	RELENG_9_1_0_RELEASE:1.1.1.1
	RELENG_9_1:1.1.1.1.0.30
	RELENG_9_1_BP:1.1.1.1
	RELENG_8_3_0_RELEASE:1.1.1.1
	RELENG_8_3:1.1.1.1.0.28
	RELENG_8_3_BP:1.1.1.1
	RELENG_9_0_0_RELEASE:1.1.1.1
	RELENG_9_0:1.1.1.1.0.26
	RELENG_9_0_BP:1.1.1.1
	RELENG_9:1.1.1.1.0.24
	RELENG_9_BP:1.1.1.1
	RELENG_7_4_0_RELEASE:1.1.1.1
	RELENG_8_2_0_RELEASE:1.1.1.1
	RELENG_7_4:1.1.1.1.0.22
	RELENG_7_4_BP:1.1.1.1
	RELENG_8_2:1.1.1.1.0.20
	RELENG_8_2_BP:1.1.1.1
	RELENG_8_1_0_RELEASE:1.1.1.1
	RELENG_8_1:1.1.1.1.0.18
	RELENG_8_1_BP:1.1.1.1
	RELENG_7_3_0_RELEASE:1.1.1.1
	RELENG_7_3:1.1.1.1.0.16
	RELENG_7_3_BP:1.1.1.1
	RELENG_8_0_0_RELEASE:1.1.1.1
	RELENG_8_0:1.1.1.1.0.14
	RELENG_8_0_BP:1.1.1.1
	RELENG_8:1.1.1.1.0.12
	RELENG_8_BP:1.1.1.1
	RELENG_7_2_0_RELEASE:1.1.1.1
	RELENG_7_2:1.1.1.1.0.10
	RELENG_7_2_BP:1.1.1.1
	RELENG_7_1_0_RELEASE:1.1.1.1
	RELENG_6_4_0_RELEASE:1.1.1.1.2.1
	RELENG_7_1:1.1.1.1.0.8
	RELENG_7_1_BP:1.1.1.1
	RELENG_6_4:1.1.1.1.2.1.0.6
	RELENG_6_4_BP:1.1.1.1.2.1
	RELENG_7_0_0_RELEASE:1.1.1.1
	RELENG_6_3_0_RELEASE:1.1.1.1.2.1
	RELENG_7_0:1.1.1.1.0.6
	RELENG_7_0_BP:1.1.1.1
	RELENG_6_3:1.1.1.1.2.1.0.4
	RELENG_6_3_BP:1.1.1.1.2.1
	OPENBSM_1_0:1.1.1.1
	RELENG_7:1.1.1.1.0.4
	RELENG_7_BP:1.1.1.1
	OPENBSM_1_0_ALPHA_15:1.1.1.1
	OPENBSM_1_0_ALPHA_14:1.1.1.1
	RELENG_6_2_0_RELEASE:1.1.1.1.2.1
	RELENG_6_2:1.1.1.1.2.1.0.2
	RELENG_6_2_BP:1.1.1.1.2.1
	OPENBSM_1_0_ALPHA_12:1.1.1.1
	OPENBSM_1_0_ALPHA_11:1.1.1.1
	RELENG_6:1.1.1.1.0.2
	OPENBSM_1_0_ALPHA_10:1.1.1.1
	OPENBSM_1_0_ALPHA_9:1.1.1.1
	OPENBSM_1_0_ALPHA_7:1.1.1.1
	OPENBSM_1_0_ALPHA_6:1.1.1.1
	TrustedBSD:1.1.1;
locks; strict;
comment	@# @;


1.1
date	2006.06.05.10.52.10;	author rwatson;	state Exp;
branches
	1.1.1.1;
next	;

1.1.1.1
date	2006.06.05.10.52.10;	author rwatson;	state Exp;
branches
	1.1.1.1.2.1
	1.1.1.1.32.1;
next	;

1.1.1.1.2.1
date	2006.09.02.10.46.00;	author rwatson;	state Exp;
branches;
next	;

1.1.1.1.32.1
date	2006.06.05.10.52.10;	author svnexp;	state dead;
branches;
next	1.1.1.1.32.2;

1.1.1.1.32.2
date	2013.03.28.13.01.52;	author svnexp;	state Exp;
branches;
next	;


desc
@@


1.1
log
@Initial revision
@
text
@#
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_filter#1 $
#
# modulename:various arguments here
#
@


1.1.1.1
log
@Vendor branch import of TrustedBSD OpenBSM 1.0 alpha 6:

- Use AU_TO_WRITE and AU_NO_TO_WRITE for the 'keep' argument to au_close();
  previously we used hard-coded 0 and 1 values.
- Add man page for au_open(), au_write(), au_close(), and
  au_close_buffer().
- Support a more complete range of data types for the arbitrary data token:
  add AUR_CHAR (alias to AUR_BYTE), remove AUR_LONG, add AUR_INT32 (alias
  to AUR_INT), add AUR_INT64.
- Add au_close_token(), which allows writing a single token_t to a memory
  buffer.  Not likely to be used much by applications, but useful for
  writing test tools.
- Modify au_to_file() so that it accepts a timeval in user space, not just
  kernel -- this is not a Solaris BSM API so can be modified without
  causing compatibility issues.
- Define a new API, au_to_header32_tm(), which adds a struct timeval
  argument to the ordinary au_to_header32(), which is now implemented by
  wrapping au_to_header32_tm() and calling gettimeofday().  Wrap the APIs
  that invoke gettimeofday() in #ifndef KERNEL, rather than having a
  variable definition.  Don't try to retrieve time zone information using
  gettimeofday(), as it's not needed, and introduces possible failure
  modes.
- Don't perform byte order transformations on the addr/machine fields of
  the terminal ID that appears in the process32/subject32 tokens.  These
  are assumed to be IP addresses, and as such, to be in network byte
  order.
- Universally, APIs now assume that IP addresses and ports are provided
  in network byte order.  APIs now generally provide these types in
  network byte order when decoding.
- Beginnings of an OpenBSM test framework can now be found in openbsm/test.
  This code is not built or installed by default.
- auditd now assigns more appropriate syslog levels to its debugging and
  error information.
- Support for audit filters introduced: audit filters are dynamically
  loaded shared objects that run in the context of a new daemon,
  auditfilterd.  The daemon reads from an audit pipe and feeds both BSM and
  parsed versions of records to shared objects using a module API.  This
  will provide a framework for the writing of intrusion detection services.
- New utility API, audit_submit(), added to capture common elements of audit
  record submission for many applications.

Obtained from:	TrustedBSD Project
@
text
@@


1.1.1.1.32.1
log
@file audit_filter was added on branch RELENG_8_4 on 2013-03-28 13:01:52 +0000
@
text
@d1 5
@


1.1.1.1.32.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 5
#
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_filter#1 $
#
# modulename:various arguments here
#
@


1.1.1.1.2.1
log
@MFC OpenBSM 1.0 alpha 10 from HEAD to RELENG_6; OpenBSM is the user space
portion of the TrustedBSD audit implementation, which has now been
settling in 7-CURRENT for several months, and is intended to provide a
Common Criteria/CAPP-compliant fine-grained security event log subsystem.
OpenBSM includes libraries, documentation, configuration files, and
audit trail printing and audit trail reduction tools.

This code drop is based on Apple's BSM implementation, implemented by
McAfee Research, and has been substantially enhanced by the TrustedBSD
Project.

Audit support will be considered "experimental" for 6.2-RELEASE.

Obtained from:	TrustedBSD Project
@
text
@@

