UKUUG LISA 2006 took place in Durham, UK, in March 2006. On this page, you can find my slides from this conference.
- 20060323-ukuug2006lisa-audit.pdf - Presentation: CAPP-Compliant Security Event Audit System for Mac OS X and FreeBSD.
OpenBSM is a BSD-licensed implementation of Sun's Basic Security Module (BSM) API and file format, and is the foundation of the TrustedBSD audit implementation for FreeBSD. This talk will cover the requirements, design, and implementation of audit support for FreeBSD. Security audit support provides detailed logging of security-relevant events, and meets the requirements of the CAPP Common Criteria protection profile.
- Conference paper: The FreeBSD Audit System (Robert N. M. Watson, Wayne Salamon).
This paper describes the Common Criteria security event auditing implementation added to the FreeBSD operating system by the TrustedBSD Project. Audit is a critical element in operating system security evaluation and operation, but both the standards-based and operational requirements are complex. This paper describes the requirements, FreeBSD kernel implementation, extensible file format adopted from OpenSolaris BSM, mechanisms used for processing and maintaining the audit trail, and the OpenBSM audit library and tool set. Of importance is not just the content of audit records, but also the reliability guarantees associated with the queuing and delivery mechanisms.
Copyright 2006 Robert N. M. Watson. All rights reserved.