OpenSolaris

1. Project: OpenSolaris Security Audit
   1. Discussions
   2. Leaders
   3. Observers
   4. Repositories
   5. Audit Projects
      1. No-reboot Audit
      2. XML Driven adt Build
      3. Remote Audit Trail Storage
      4. auditd(1M) Configuration in SMF
   6. HowTos
      1. HowTo Add a New adt_ Event
      2. HowTo Add a New Message List to adt_ Interfaces
   7. Files

OpenSolaris Project: OpenSolaris Security Audit

View the leaders for this project
Project Observers

Endorsing communities

Security

Overview

OpenSolaris Audit project builds on top of the existing Solaris Auditing subsystem and aims to promote wider adoption and develop other features in accord with sysadmin/customer needs.

Intro from System Administration Guide

Auditing is the collecting of data about the use of system resources. The audit data provides a record of security-related system events. This data can then be used to assign responsibility for actions that take place on a host. Successful auditing starts with two security features: identification and authentication. At each login, after a user supplies a user name and password, a unique audit session ID is generated and associated with the user's process. The audit session ID is inherited by every process that is started during the login session. Even if a user changes identity within a single session, all user actions are tracked with the same audit session ID.

Solaris auditing helps to detect potential security breaches by revealing suspicious or abnormal patterns of system usage. Solaris auditing also provides a means to trace suspect actions back to a particular user, thus serving as a deterrent. Users who know that their activities are being audited are less likely to attempt malicious activities.

Goals

1. enable/disable audit without reboot
2. facilitate complete (userland) automated build process (libbsm(3LIB), bsmrecord(1M), libadt_jni)
3. signed audit trail
4. reliable audit transmission/remote storage
5. integrate or develop audit reporting/analysis tools
6. IDS integration, ie. delivering audit events in real time via a defined interface
7. configuration tools/GUI

Documentation

• Product description
• System Administration Guide: Security Services
• Trusted Solaris Audit Administration

How can you participate

If you would like to help or influence auditing projects:

• feel free to subscribe and share in the discussions
• discuss design notes to be published soon
• clean up the code

Source code

Auditing code is a part of OpenSolaris code base available via Mercurial repository:

hg pull -u ssh://anon at hg dot opensolaris dot org/hg/onnv/onnv-gate

and look at:

• usr/src/lib/{libbsm,libadt_jni}
• usr/src/cmd/{bsmrecord,audit,auditd}
• usr/src/uts/common/c2

Sources are available also in source code browser here

Project-local repositories

All repositories are stored on hg.opensolaris.org and have anonymous access

• Website /hg/audit/website
• Webrev /hg/audit/webrev
• MQ patches for new projects/fixes /hg/audit/patches

Links

• Event auditing on FreeBSD
• TrustedBSD audit
• BSMGUI @ Sourceforge