Security Audit is a security feature provided by most commercial operating
systems to track security-related events in security-critical
environments, but it is currently not available in most open source systems.
This talk describes the FreeBSD Audit implementation, based on the Darwin
audit implementation, which provides the industry-standard BSM token
stream format and application programming interface. We discuss an audit
event stream engine introduced into the FreeBSD kernel, modifications
throughout the kernel to capture security event information, the BSM audit
format and APIs, and the pre-selection/post-selection "interest" mechanism
that allows the administrator to select what types of events should be
This talk is appropriate for system developers and system
administrators interested in security event logging.
speaker not assigned
location: SITE B0138