Subject: Re: security / kernel event logging for future netbsd?
To: Tariq Rashid <tariq.rashid@uk.easynet.net>
From: John R. Shannon <john@johnrshannon.com>
List: current-users
Date: 06/13/2005 05:52:35

Apple has now released their libbsm implementation under a BSD license:

  http://www.opensource.apple.com/darwinsource/tarballs/other/bsm-2.10.tar.gz


On Monday 13 June 2005 05:22 am, Tariq Rashid wrote:
> hi - i'm currently looking at fine-grained kernel/security event logging
> mechanisms for netbsd ...
>
>  * i'm looking at systems like Solaris's BSM.
>
>  * linux seems to only have the SNARE extensions, and SELinux logging
> doesn't seem to be something that people use.
>
>  * *BSD doesn't seem to have a standard system for this. someone is
> implementing a BSM-like system for freebsd called trustedbsd but it's still
> very new and only the 6-current has some of this uploaded.
>
> the level of detail required is quite high - syscalls, socket and file
> open/close/read ...
>
> are there plans for something like this for netbsd?
>
> the eventual aim is to process logs (in real-time, not off-line) to enforce
> security measures at an application level (against profiles of known good
> behaviour).
>
> it's currently only a research project - but that's what netbsd is for!
>
> tariq

-- 
John R. Shannon
john@johnrshannon.com
john.r.shannon@saic.com
john.r.shannon@us.army.mil
shannonjr@NetBSD.org
