Subject: Re: security / kernel event logging for future netbsd?
To: Tariq Rashid <tariq.rashid@uk.easynet.net>
From: John R. Shannon <john@johnrshannon.com>
List: current-users
Date: 06/13/2005 05:38:58

It would be nice if it conformed to the requirements in sections 5.1 and 5.2
of "U.S. Government Protection Profile for Single-level Operating Systems in
Environments Requiring Medium Robustness Version 1.67 - 30 October 2003":

http://niap.nist.gov/pp/draft_pps/pp_draft_slos_mr_v1.67.pdf

On Monday 13 June 2005 05:22 am, Tariq Rashid wrote:
> hi - i'm currently looking at fine-grained kernel/security event logging
> mechanisms for netbsd ...
>
>  * i'm looking at systems like Solaris's BSM.
>
>  * linux seems to only have the SNARE extensions, and SELinux logging
> doesn't seem to be something that people use.
>
>  * *BSD doesn't seem to have a standard system for this. someone is
> implementing a BSM-like system for freebsd called trustedbsd but it's still
> very new and only the 6-current has some of this uploaded.
>
> the level of detail required is quite high - syscalls, socket and file
> open/close/read ...
>
> are there plans for something like this for netbsd?
>
> the eventual aim is to process logs (in real-time, not off-line) to enforce
> security measures at an application level (against profiles of known good
> behaviour).
>
> it's currently only a research project - but that's what netbsd is for!
>
> tariq

-- 
John R. Shannon
john@johnrshannon.com
john.r.shannon@saic.com
john.r.shannon@us.army.mil
shannonjr@NetBSD.org
