One minute
FreeBSD audit
Robert Watson, founder of the TrustedBSD project, was interviewed by Federico Biancuzzi on SecurityFocus about FreeBSD Security Event Auditing. The auditing mechanism will be part of the upcoming 6.2 release of FreeBSD, although it is marked as experimental and hence not included in the GENERIC kernel. It uses Sun's BSM API and log file format (the industry standard) and is based on Apple's BSD-licensed implementation. Since significant improvements were made during porting, the OpenBSM project was created to host the code. The project builds on Mac OS X, FreeBSD and Linux. The key advantage the new auditing has over syslog is its finer granularity, configurability and reliability. This is achieved by placing the auditing functionality in the kernel itself, at the level where system calls enter the kernel and are carried out, rather than depending on each application to report what it did. The team also made a good decision in keeping the configuration syntax as close to Sun's as possible, giving the new project direct access to an already mature body of examples and best practices. Finally, I want to emphasize the impact this has for the FreeBSD project, since having a full-blown auditing system is a requirement for any operating system to be used in security-aware environments such as defense departments or financial institutions.
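To show what "keeping the configuration syntax close to Sun's" buys an administrator in practice, here is an added example (my own code, not OpenBSM's or Apple's) that reads the `flags:` line of an audit_control(5)-style file and resolves the Sun/BSM class selection syntax, including the `+` (successes only), `-` (failures only) and `^` (remove) prefixes, into a per-class success/failure selection. The class table is a subset of audit_class(5) and the audit_control contents are constructed for the example; the left-to-right override rule is how this example models the flags string, not a statement about the kernel's internal representation.

```python
"""Resolve a Sun/OpenBSM-style audit flags string into per-class selections.

Added example, not OpenBSM or FreeBSD code. Class abbreviations are a subset
of those documented in audit_class(5); a real system reads the full table
from /etc/security/audit_class (assumption for this example: only the
classes listed below are needed).
"""

# Subset of audit event classes (abbreviation -> descriptive name).
AUDIT_CLASSES = {
    "lo": "login_logout",
    "aa": "authentication_authorization",
    "ad": "administrative",
    "fc": "file_create",
    "fd": "file_delete",
    "fr": "file_read",
    "fw": "file_write",
    "ex": "exec",
    "pc": "process",
}

# Constructed audit_control(5)-style file used as sample input.
SAMPLE_AUDIT_CONTROL = """\
# constructed example, not a real system's configuration
dir:/var/audit
flags:lo,aa,-fc,+ex,^fr
minfree:20
naflags:lo,aa
policy:cnt
filesz:0
"""


def read_flags_line(audit_control: str, key: str = "flags") -> str:
    """Return the value of the first 'key:value' line, skipping comments."""
    for line in audit_control.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        k, _, v = line.partition(":")
        if k.strip() == key:
            return v.strip()
    raise KeyError(key)


def parse_audit_flags(flags: str) -> dict:
    """Map a flags string such as "lo,aa,-fc,+ex,^fr" to
    {class_name: (audit_success, audit_failure)}.

    Prefix semantics as documented in audit_control(5):
      (none)  audit both successful and failed events of the class
      +       audit successful events only
      -       audit failed events only
      ^       remove the class; ^+ / ^- remove only success / failure auditing
    Entries are applied left to right, so "all,^fr" selects everything
    except file reads.
    """
    selected: dict = {}
    for token in flags.split(","):
        token = token.strip()
        if not token:
            continue
        remove = token.startswith("^")
        if remove:
            token = token[1:]
        success = failure = True
        if token.startswith("+"):
            failure = False
            token = token[1:]
        elif token.startswith("-"):
            success = False
            token = token[1:]
        classes = list(AUDIT_CLASSES) if token == "all" else [token]
        for cls in classes:
            if cls not in AUDIT_CLASSES:
                raise ValueError(f"unknown audit class: {cls!r}")
            name = AUDIT_CLASSES[cls]
            cur_s, cur_f = selected.get(name, (False, False))
            if remove:
                new = (cur_s and not success, cur_f and not failure)
            else:
                new = (cur_s or success, cur_f or failure)
            if new == (False, False):
                selected.pop(name, None)  # nothing left selected for class
            else:
                selected[name] = new
    return selected


def event_is_audited(selected: dict, cls: str, succeeded: bool) -> bool:
    """Would an event of class `cls` with the given outcome be recorded?"""
    success, failure = selected.get(AUDIT_CLASSES[cls], (False, False))
    return success if succeeded else failure


if __name__ == "__main__":
    sel = parse_audit_flags(read_flags_line(SAMPLE_AUDIT_CONTROL))
    for name, (s, f) in sorted(sel.items()):
        print(f"{name:30} success={s!s:5} failure={f}")
```

With the sample `flags:` line, failed file creates are recorded while successful ones are not, successful execs are recorded while failed ones are not, and file reads are not audited at all; the same reading applies to Solaris `audit_control`, which is the point of reusing Sun's syntax.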