Subject: security / kernel event logging for future netbsd?
To: None <current-users@NetBSD.org>
From: Tariq Rashid <tariq.rashid@uk.easynet.net>
List: current-users
Date: 06/13/2005 12:22:09
hi - i'm currently looking at fine-grained kernel/security event logging
mechanisms for netbsd ... 

 * i'm looking at systems like Solaris's BSM.

 * linux seems to only have the SNARE extensions, and SELinux logging
doesn't seem to be something that people use.

 * *BSD doesn't seem to have a standard system for this. someone is
implementing a BSM-like system for freebsd called trustedbsd but it's still
very new and only the 6-current has some of this uploaded.

the level of detail required is quite high - syscalls, socket and file
open/close/read ...

are there plans for something like this for netbsd?

the eventual aim is to process logs (in real-time, not off-line) to enforce
security measures at an application level (against profiles of known good
behaviour).

it's currently only a research project - but that's what netbsd is for!

tariq