Diffstat (limited to 'NEWS')
-rw-r--r--  NEWS  351
1 files changed, 351 insertions, 0 deletions
diff --git a/NEWS b/NEWS
new file mode 100644
index 000000000000..7bfe756cd110
--- /dev/null
+++ b/NEWS
@@ -0,0 +1,351 @@
+OpenBSM Version History
+
+OpenBSM 1.1 alpha 2
+
+- Include files in OpenBSM are now broken out into two parts: library builds
+ required solely for user space, and system includes, which may also be
+ required for use in the kernels of systems integrating OpenBSM. Submitted
+ by Stacey Son.
+- Configure option --with-native-includes allows forcing the use of native
+ include for system includes, rather than the versions bundled with OpenBSM.
+ This is intended specifically for platforms that ship OpenBSM, have adapted
+ versions of the system includes in a kernel source tree, and will use the
+ OpenBSM build infrastructure with an unmodified OpenBSM distribution,
+ allowing the customized system includes to be used with the OpenBSM build.
+ Submitted by Stacey Son.
+- Various strcpy()'s/strcat()'s have been changed to strlcpy()'s/strlcat()'s
+ or asprintf(). Added compat/strlcpy.h for Linux.
+- Remove compatibility defines for old Darwin token constant names; now only
+ BSM token names are provided and used.
+- Add support for extended header tokens, which contain space for information
+ on the host generating the record.
+- Add support for setting extended host information in the kernel, which is
+ used for setting host information in extended header tokens. The
+ audit_control file now supports a "host" parameter which can be used by
+ auditd to set the information; if not present, the kernel parameters won't
+ be set and auditd uses unextended headers for records that it generates.
+
+OpenBSM 1.1 alpha 1
+
+- Add option to auditreduce(1) which allows users to invert sense of
+ matching, such that BSM records that do not match, are selected.
+- Fix bug in audit_write() where we commit an incomplete record in the
+ event there is an error writing the subject token. This was submitted
+ by Diego Giagio.
+- Build support for Mac OS X 10.5.1 submitted by Eric Hall.
+- Fix a bug which resulted in host XML attributes not being printed
+ while processing extended header tokens. This patch was submitted by
+ Martin Voros.
+- Constification of function arguments so that const strings can be passed
+ as arguments to tokens. This patch was submitted by Xin LI.
+- Modify the -m option so users can select more then one audit event.
+- For Mac OS X, added Mach IPC support for audit trigger messages.
+- Fixed a bug in getacna() which resulted in a locking problem on Mac OS X.
+- Added LOG_PERROR flag to openlog when -d option is used with auditd.
+- AUE events added for Mac OS X Leopard system calls.
+
+OpenBSM 1.0
+
+- Fix bug in auditreduce(1) which resulted in a memory fault/crash when
+ the user specified an event name with -m.
+- Remove AU_.* hard-coded audit class constants, as audit classes are now
+ entirely dynamically configured using /etc/security/audit_class.
+
+OpenBSM 1.0 alpha 15
+
+- Fix bug when processing in_addr_ex tokens.
+- Restore the behavior of printing the string/text specified while
+ auditing arg32 tokens.
+- Synchronized audit event list to Solaris, picking up the *at(2) system call
+ definitions, now required for FreeBSD and Linux. Added additional events
+ for *at(2) system calls not present in Solaris.
+- Bugs in auditreduce(1) fixed allowing partial date strings to be used in
+ filtering events.
+
+OpenBSM 1.0 alpha 14
+
+- Fix endian issues when processing IPv6 addresses for extended subject
+ and process tokens.
+- gcc41 warnings clean.
+- Teach audit_submit(3) about getaudit_addr(2).
+- Add support for zonename tokens.
+
+OpenBSM 1.0 alpha 13
+
+- compat/clock_gettime.h now provides a compatibility implementation of
+ clock_gettime(), which fixes building on Mac OS X.
+- Countless man page improvements, markup fixes, content fixs, etc.
+- XML printing support via "praudit -x".
+- audit.log.5 expanded to include additional BSM token types.
+- Added encoding and decoding routines for process64_ex, process32_ex,
+ subject32_ex, header64, and attr64 tokens.
+- Additional audit event identifiers for listen, mlockall/munlockall,
+ getpath, POSIX message queues, and mandatory access control.
+
+OpenBSM 1.0 alpha 12
+
+- Correct bug in auditreduce which prevented the -c option from working
+ correctly when the user specifies to process successful or failed events.
+ The problem stemmed from not having access to the return token at the time
+ the initial preselection occurred, but now a second preselection process
+ occurs while processing the return token.
+- getacfilesz(3) API added to read new audit_control(5) filesz setting,
+ which auditd(8) now sets the kernel audit trail rotation size to.
+- auditreduce(1) now uses stdin if no file names are specified on the command
+ line; this was the documented behavior previously, but it was not
+ implemented. Be more specific in auditreduce(1)'s examples section about
+ what might be done with the output of auditreduce.
+- Add audit_warn(5) closefile event so that administrators can hook
+ termination of an audit trail file. For example, this might be used to
+ compress the trail file after it is closed.
+- auditreduce(1) now uses regular expressions for pathname matching. Users can
+ now supply one or more (comma delimited) regular expressions for searching
+ the pathnames. If one of the regular expressions is prefixed with a tilde
+ (~), and a path matches, it will be excluded from the search results.
+
+OpenBSM 1.0 alpha 11
+
+- Reclassify certain read/write operations as having no class rather than the
+ fr/fw class; our default classes audit intent (open) not operations (read,
+ write).
+- Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads
+ and writes of sysctls as separate events. Add additional kernel
+ environment and jail events for FreeBSD.
+- Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER
+ (issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued
+ by the kernel audit implementation) so that they can be distinguished.
+- Disable rate limiting of rotate requests; as the kernel doesn't retransmit
+ a dropped request, the log file will otherwise grow indefinitely if the
+ trigger is dropped.
+- Improve auditd debugging output.
+- Fix a number of threading related bugs in audit_control file reading
+ routines.
+- Add APIs au_poltostr() and au_strtopol() to convert between text
+ representations of audit_control policy flags and the flags passed to
+ auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY).
+- Add API getacpol() to return the 'policy:' entry from audit_control, an
+ extension to the Solaris file format to allow specification of policy
+ persistent flags.
+- Update audump to print the audit_control policy field.
+- Update auditd to read the audit_control policy field and set the kernel
+ policy to match it when configuring/reconfiguring. Remove the -s and -h
+ arguments as these policies are now set via the configuration file. If a
+ policy line is not found in the configuration file, continue with the
+ current default of setting AUDIT_CNT.
+- Fix bugs in the parsing of large execve(2) arguments and environmental
+ variable tokens; increase maximum parsed argument and variable count.
+- configure now detects strlcat(), used by policy-related functions.
+- Reference token and record sample files added to test tree.
+
+OpenBSM 1.0 alpha 10
+
+- auditd now generates complete audit records for its events, as required for
+ application-submitted audit records in the FreeBSD kernel audit
+ implementation.
+
+OpenBSM 1.0 alpha 9
+
+- Rename many OpenBSM-specific constants and API elements containing the
+ strings "BSM" and "bsm" to "AUDIT" and "audit", observing that this is true
+ for almost all existing constants and APIs.
+- Instead of passing a per-instance cookie directly into all audit filter
+ APIs, pass in the audit filter daemon state pointer, which is then used by
+ the module using an audit_filter_{get,set}cookie() API. This will allow
+ future service APIs provided by the filter daemon to maintain their own
+ state -- for example, per-module preselection state.
+
+OpenBSM 1.0 alpha 8
+
+- Correct typo in definition of AUR_INT.
+- Adopt OpenSolaris constant values for AUDIT_* configuration flags.
+- Arguments to au_to_exec_args() and au_to_exec_env() no longer const.
+- Add kernel versions of au_to_exec_args() and au_to_exec_env().
+- Fix exec argument type that is printed for env strings from 'arg' to 'env'.
+- New OpenBSM token version number assigned, constants added for other
+ commonly seen version numbers.
+- OpenBSM-specific events assigned numbers in the 43xxx range to avoid future
+ collisions with Solaris. Darwin events renamed to AUE_DARWIN_foo, as they
+ are now deprecated numberings.
+- autoconf now detects clock_gettime(), which is not available on Darwin.
+- praudit output fixes relating to arg32 and arg64 tokens.
+- Maximum record size updated to 64k-1 to match Solaris record size limit.
+- Various style and comment cleanups in include files.
+
+OpenBSM 1.0 alpha 7
+
+- Adopted Solaris-compatible format for subject32_ex and subject64_ex
+ tokens, which previously did not correctly implement variable length
+ address storage.
+- Prefer inttypes.h to stdint.h; enhance queue.h detection to test for
+ TAILQ_FOREACH_SAFE(), which is present in recent BSD queue.h's, but not
+ older ones. OpenBSM now builds on some FreeBSD 4.x versions.
+- New event types for extended attributes, ACLs, and scheduling.
+
+OpenBSM 1.0 alpha 6
+
+- Use AU_TO_WRITE and AU_NO_TO_WRITE for the 'keep' argument to au_close();
+ previously we used hard-coded 0 and 1 values.
+- Add man page for au_open(), au_write(), au_close(), and
+ au_close_buffer().
+- Support a more complete range of data types for the arbitrary data token:
+ add AUR_CHAR (alias to AUR_BYTE), remove AUR_LONG, add AUR_INT32 (alias
+ to AUR_INT), add AUR_INT64.
+- Add au_close_token(), which allows writing a single token_t to a memory
+ buffer. Not likely to be used much by applications, but useful for
+ writing test tools.
+- Modify au_to_file() so that it accepts a timeval in user space, not just
+ kernel -- this is not a Solaris BSM API so can be modified without
+ causing compatibility issues.
+- Define a new API, au_to_header32_tm(), which adds a struct timeval
+ argument to the ordinary au_to_header32(), which is now implemented by
+ wrapping au_to_header32_tm() and calling gettimeofday(). #ifndef KERNEL
+ the APIs that invoke gettimeofday(), rather than having a variable
+ definition. Don't try to retrieve time zone information using
+ gettimeofday(), as it's not needed, and introduces possible failure
+ modes.
+- Don't perform byte order transformations on the addr/machine fields of
+ the terminal ID that appears in the process32/subject32 tokens. These
+ are assumed to be IP addresses, and as such, to be in network byte
+ order.
+- Universally, APIs now assume that IP addresses and ports are provided
+ in network byte order. APIs now generally provide these types in
+ network byte order when decoding.
+- Beginnings of an OpenBSM test framework can now be found in openbsm/test.
+ This code is not built or installed by default.
+- auditd now assigns more appropriate syslog levels to its debugging and
+ error information.
+- Support for audit filters introduced: audit filters are dynamically
+ loaded shared objects that run in the context of a new daemon,
+ auditfilterd. The daemon reads from an audit pipe and feeds both BSM and
+ parsed versions of records to shared objects using a module API. This
+ will provide a framework for the writing of intrusion detection services.
+- New utility API, audit_submit(), added to capture common elements of audit
+ record submission for many applications.
+
+OpenBSM 1.0 alpha 5
+
+- Update install notes to indicate /etc files are to be installed manually.
+- On systems without LOG_SECURITY, use LOG_AUTH.
+- Convert to autoconf/automake in order to move to a more portable (not
+ BSD-specific) build infrastructure, and more easy conditional building of
+ components. Currently, the primary feature loss is that automake does
+ not have native support for manual symlinks. This will be addressed in a
+ future OpenBSM release.
+- Add compat/queue.h, to be used on systems dated BSD queue macro libraries
+ (as found on Linux).
+- Rename CHANGELOG to HISTORY, as our change log doesn't follow some of the
+ existing conventions for a CHANGELOG.
+- Some private data structures moved from audit.h to audit_internal.h to
+ prevent inappropriate use by applications and name space pollution.
+- Improved detection and use of endian macros using autoconf.
+- Avoid non-portable use of struct in6_addr, which is largely opaque.
+- Avoid leaking BSD kernel socket related token code to user space in
+ bsm_token.c.
+- Teach System V IPC calls to look for Linux naming variations for certain
+ struct ipc_perm fields.
+- Test for audit system calls, and if not present, don't build
+ bsm_wrappers.c, bsm_notify.c, audit(8), and auditd(8), which rely on
+ those system calls.
+- au_close() is not implemented on systems that don't have audit system
+ calls, but au_close_buffer() is.
+- Work around missing BSDisms in bsm_wrapper.c.
+- Fix nested includes so including libbsm.h in an application on Linux
+ picks up the necessary definitions.
+
+OpenBSM 1.0 alpha 4
+
+- Remove "audit" user example from audit_user, as it's not present on most
+ systems.
+- Add cannot_audit() function non-Darwin systems that wraps auditon();
+ required by OpenSSH BSM support. Convert Darwin cannot_audit() into a
+ function rather than a macro.
+- Library build fixed on Darwin following include file tweaks. The native
+ Darwin sys/audit.h conflicts with bsm/audit.h due to duplicate types, so
+ for now we force bsm_wrappers.c to not perform a nested include of
+ sys/audit.h.
+
+OpenBSM 1.0 alpha 3
+
+- Man page formatting, cross reference, mlinks, and accuracy improvements.
+- auditd and tools now compile and run on FreeBSD/arm.
+- auditd will now fchown() the trail file to the audit review group, if
+ defined at compile-time.
+- Added AUE_SYSARCH for FreeBSD.
+- Definition of AUE_SETFSGID fixed for Linux.
+
+OpenBSM 1.0 alpha 2
+
+- Man page formatting improvements.
+- A number of new audit event identifiers for FreeBSD, Linux, and POSIX.1b
+ events.
+- Remove 'tfm' class, unused in OpenBSM.
+
+OpenBSM 1.0 alpha 1
+
+- Import of Darwin74 BSM drop
+- Use 'syslog' for audit log warnings, rather than echoing to a file in
+ audit_warn.
+- Compile using BSD make infrastructure.
+- Integrate bsm/ include files from Darwin74 XNU drop into OpenBSM.
+- Narrow set of symbols and defines that are exposed in user space: don't
+ compile in code relying on kernel-only types such as 'struct socket'.
+- Add README, including basic build documentation.
+- Compilation of Apple-specific notify and Machroutines now #ifdef __APPLE__.
+- Staticize libbsm global variables to avoid leakage into applications.
+- Add free_au_user_ent() so that au_user_ent's don't have to be leaked.
+- Clean up bogus nul-termination checks in libbsm.
+- Add libbsm API man pages: au_class.3 au_control.3 au_event.3
+ au_free_token.3 au_io.3 au_mask.3 au_token.3 au_user.3 libbsm.3.
+- Add man pages for BSM system calls: audit.2 auditctl.2 auditon.2 getaudit.2
+ getauid.2 setaudit.2 setauid.2
+- Modify various libbsm interfaces to more consistently return 'errno' values
+ on failure.
+- Break out au_close() into constituent parts, allowing records to be written
+ to memory as well as files.
+- Prefix various defines with 'BSM_' to reduce name space pollution.
+- Added audit_internal.h, which can be used by a kernel audit implementation
+ wanting to rely on libbsm components.
+- Build with warnings, and eliminate warnings.
+- Make libbsm endian-independent, storing and reading BSM are big endian
+ (network byte order) rather than native byte order. More consistently
+ print IP addresses using the IP address print routine. These changes
+ make use of sys/endian.h from *BSD; since this isn't present on Darwin,
+ add it to OpenBSM as compat/endian.h, which is used only on Darwin.
+- Import of Darwin80 BSM drop, including 64-bit file IDs, better
+ documentation of private APIs, and bug fixes.
+- White space cleanup.
+- Add audit.log.5, a first cut at a man page documenting the BSM file format.
+- Teach au_read_rec() to recognize stand-alone file tokens, which are present
+ at the beginning and end of Solaris audit trails. Technically, these
+ appear to violate the high level BSM spec, which suggests that all tokens
+ are present in records, but need to be supported.
+- Implement HEADER64, ATTR64, SUBJECT64 token types, which make it possible
+ to run praudit(1) on basic Solaris BSM streams.
+- Switched to Solaris spelling of token names; Darwin spellings are now
+ deprecated and will be removed in a future version of OpenBSM.
+- Adopt Solaris model for representing IPv4 and IPv6 addresses.
+- Prefer C99 types.
+- Attempt to universally adopt the BSD style(9) coding style for
+ consistency.
+- auditreduce(1) now has a usage message.
+- Update support for auditctl(2) system call to support FreeBSD.
+- Add support for /dev/audit as the trigger source on FreeBSD.
+- Add additional event types for Darwin, FreeBSD, and Solaris. Annotate
+ conflicts (there are a few, unfortunately). Correct spellings, comment,
+ sort, etc. These include {get,set}res[ug]id(), sendfile(), lchflags(),
+ eaccess(), kqueue(), kevent(), poll(), lchmod().
+- Relicensed under a BSD license, many thanks to Apple, Inc!
+- Many bug fixes, cleanups, thread safety in the class, control, event,
+ and user system audit databases. Annotate some persisting atomicity
+ bugs associated with the API and implementation.
+- Add audump test tool.
+- Adopt OpenSolaris BSM API memory semantics: caller allocates memory,
+ or static memory is returned for non-_r() versions of API calls.
+ _free() calls dropped as a result, and source code compatibility with
+ OpenSolaris improved significantly.
+- Annotate BSM events with origin OS and compatibility information.
+- auditd(8), audit(8) added to the OpenBSM distribution. auditd extended
+ to support reloading of kernel event table.
+- Allow comments in /etc/security configuration files.
+
+$P4: //depot/projects/trustedbsd/openbsm/NEWS#9 $
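Review bot: The 1.0 alpha 5 entry states that CHANGELOG was renamed to HISTORY, yet this commit introduces the change log as a new file named NEWS and, per the diffstat, touches no other file; if HISTORY is still present in the tree it should be removed or reduced to a pointer in the same commit, or that entry should note that the file is now NEWS, so the two names do not drift apart. A few wording slips are worth fixing before this lands as user-facing documentation: "select more then one audit event" should read "more than one", "content fixs" should read "content fixes", "to be used on systems dated BSD queue macro libraries" is missing "with", "Add cannot_audit() function non-Darwin systems" is missing "on", and "Machroutines" needs a space. The first 1.0 alpha 1 item, "Import of Darwin74 BSM drop", also lacks the terminating period every other entry uses.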