TrustedBSD Auditing Facilities (was RE: FreeBSD usage in safety-critical environments)

Robert Watson rwatson at FreeBSD.org
Fri Oct 11 14:05:42 GMT 2002


On Fri, 11 Oct 2002, Nelson, Trent. wrote:

> > We don't currently have an audit
> > implementation, but I'm working to resolve that issue as soon as possible.
> > The only big thing missing from the picture is actually someone who wants
> > to bring FreeBSD to market with an evaluation--someone who's willing to go
> > the distance on the evaluation process (paperwork, testing, etc).  My
> > goals for FreeBSD 6.0 include feature completeness on CAPP (C2) and LSPP
> > (B1).
> 
> 	Has anyone taken a look at how Tru64 UNIX tackles auditing, or
> even enhanced security in general?  I've had to devise a strategy over
> the last few weeks for work to address the need for cross-Atlantic
> network connectivity between a test-bed environment and what will
> eventually become a 'live' safety-critical environment.  The security
> configuration for such a system (system being the components interacting
> with the link, not the actual safety-critical system per se) must be
> very tight, and we've basically prevented connectivity to anything other
> than the Tru64 UNIX servers as nothing else we have can be configured to
> an acceptable level (well, at least Linux anyway). 
> 
> 	The Security Integration Architecture and auditing subsystem of
> Tru64 UNIX are quite elegant, IMO, and I believe they'd provide a good
> basis for the road TrustedBSD would eventually have to travel down. 
> 
> 	The security documentation (which details all of this, and a lot
> more) for Tru64 UNIX can be found at: 
> 
> http://www.tru64unix.compaq.com/docs/base_doc/DOCUMENTATION/V51A_PDF/ARH95DTE.PDF
> 
> 	General documentation can be found at: 
> 
> 	http://www.tru64unix.compaq.com/docs/pub_page/V51A_DOCS/ADM_DOCS.HTM

I'm not familiar with the Tru64 environment, but will certainly read up on
the URLs you've referenced.  Andrew Reiter did a partial Audit
implementation for FreeBSD and I'm currently working on an opportunity to
do a complete implementation.  Thus far, I've mostly looked at the Solaris
and IRIX audit implementations, and one option I've been looking at is
generating Audit trails for FreeBSD using the BSM format Sun uses for
their trails.  I know there are a number of third party consumers of BSM
audit data, for example, providing some motivation for doing this if it's
feasible.  Hopefully we'll be able to announce some progress in this space
soon.

Our ACL implementation, btw, is similar to the Solaris and IRIX
implementations, and presumably Tru64 since they all attempt to provide a
model relatively compatible with the current permission model.  My
recollection is that Tru64 doesn't use the "MASK" notion present in our
implementation (+Solaris, IRIX), but otherwise things should be much the
same.  With UFS2 in FreeBSD 5.0, the ACL implementation has much improved
performance over UFS1, as well as improved consistency properties if
there's a system failure.

I currently have a sub-contractor who has some time allocated to evaluate
the possibilities regarding integrating CDSA support into FreeBSD, and
we've focussed a fair amount of time on a fresh PAM implementation for
FreeBSD 5.0 (OpenPAM), which addresses many of the problems associated
with PAM in earlier FreeBSD revisions.  For example, PAM is now properly
integrated into all base system services, and we support more
authentication types. 

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org      Network Associates Laboratories
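The message mentions emitting FreeBSD audit trails in Sun's BSM format so that existing BSM consumers can read them. The following is an added example, not code from FreeBSD, Sun or any BSM tool: it encodes one record from the 32-bit BSM tokens (header32 0x14, subject32 0x24, path 0x23, return32 0x27, trailer 0x13 with magic 0xb105) and decodes it back, checking the framing a consumer relies on. The event number, uids, pid and path are constructed for illustration, and the header version byte 2 is the Solaris value as assumed here.

```python
"""Minimal Sun BSM audit record encoder/decoder (added example, not project code).

Token ids and field layouts follow the 32-bit BSM token formats.  All field
values in SAMPLE_RECORD are constructed; the event number 0x1234 is a
placeholder and not taken from any real audit_event table.
"""
import struct

AUT_HEADER32, AUT_TRAILER = 0x14, 0x13
AUT_PATH, AUT_SUBJECT32, AUT_RETURN32 = 0x23, 0x24, 0x27
TRAILER_MAGIC = 0xB105
BSM_VERSION = 2            # assumed: the Solaris header version byte
HEADER_LEN, TRAILER_LEN, SUBJECT_LEN, RETURN_LEN = 18, 7, 37, 6


def token_subject32(auid, euid, egid, ruid, rgid, pid, sid, port, addr):
    # subject32: audit id, euid, egid, ruid, rgid, pid, session id, terminal port, machine addr
    return struct.pack(">BIIIIIIIII", AUT_SUBJECT32,
                       auid, euid, egid, ruid, rgid, pid, sid, port, addr)


def token_path(path: str) -> bytes:
    # path: 2-byte length that counts the terminating NUL, then the bytes
    data = path.encode() + b"\0"
    return struct.pack(">BH", AUT_PATH, len(data)) + data


def token_return32(status: int, retval: int) -> bytes:
    # return32: 1-byte errno-style status, 4-byte return value
    return struct.pack(">BBI", AUT_RETURN32, status, retval)


def encode_record(event, modifier, seconds, msec, body_tokens) -> bytes:
    """Frame body tokens with a header32 and a trailer carrying the same byte count."""
    body = b"".join(body_tokens)
    total = HEADER_LEN + len(body) + TRAILER_LEN
    header = struct.pack(">BIBHHII", AUT_HEADER32, total, BSM_VERSION,
                         event, modifier, seconds, msec)
    trailer = struct.pack(">BHI", AUT_TRAILER, TRAILER_MAGIC, total)
    return header + body + trailer


def parse_record(buf: bytes) -> dict:
    """Walk one record token by token; raise ValueError on any framing error."""
    if len(buf) < HEADER_LEN + TRAILER_LEN or buf[0] != AUT_HEADER32:
        raise ValueError("record does not start with a header32 token")
    _, total, version, event, modifier, secs, msec = struct.unpack_from(">BIBHHII", buf, 0)
    if total != len(buf):
        raise ValueError(f"header byte count {total} != buffer length {len(buf)}")
    rec = {"version": version, "event": event, "modifier": modifier,
           "time": (secs, msec), "tokens": []}
    off, end = HEADER_LEN, total - TRAILER_LEN
    while off < end:
        tid = buf[off]
        if tid == AUT_SUBJECT32 and off + SUBJECT_LEN <= end:
            fields = struct.unpack_from(">IIIIIIIII", buf, off + 1)
            names = ("auid", "euid", "egid", "ruid", "rgid", "pid", "sid", "port", "addr")
            rec["tokens"].append(("subject", dict(zip(names, fields))))
            off += SUBJECT_LEN
        elif tid == AUT_PATH and off + 3 <= end:
            (n,) = struct.unpack_from(">H", buf, off + 1)
            raw = buf[off + 3:off + 3 + n]
            if off + 3 + n > end or not raw.endswith(b"\0"):
                raise ValueError(f"path token at offset {off} overruns the record")
            rec["tokens"].append(("path", raw[:-1].decode()))
            off += 3 + n
        elif tid == AUT_RETURN32 and off + RETURN_LEN <= end:
            status, retval = struct.unpack_from(">BI", buf, off + 1)
            rec["tokens"].append(("return", {"status": status, "value": retval}))
            off += RETURN_LEN
        else:
            raise ValueError(f"unsupported or truncated token 0x{tid:02x} at offset {off}")
    tid, magic, count = struct.unpack_from(">BHI", buf, end)
    if tid != AUT_TRAILER or magic != TRAILER_MAGIC or count != total:
        raise ValueError("trailer id, magic or byte count does not match the header")
    return rec


# Constructed sample: a hypothetical event 0x1234 by uid 1001 touching a path,
# timestamped at this message's date (2002-10-11 14:05:42 GMT = 1034345142).
SAMPLE_RECORD = encode_record(0x1234, 0, 1034345142, 0, [
    token_subject32(1001, 1001, 1001, 1001, 1001, 4242, 4242, 0, 0),
    token_path("/etc/master.passwd"),
    token_return32(0, 3),
])
```

A consumer should reject a record whose header and trailer byte counts disagree or whose trailer magic is wrong, as `parse_record` does; a trail truncated by a crash or tampered with in transit fails this check before any token is trusted.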
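The message also contrasts the FreeBSD/Solaris/IRIX ACL model, which carries a MASK entry, with Tru64's. As an added example that is not code from any of those systems, the block below implements the POSIX.1e-style access check and shows what the mask does: it bounds the named-user, owning-group and named-group entries but never the owner or "other" entries, and chmod's group bits rewrite the mask when one exists. The ACL, uids and gids are constructed for illustration.

```python
"""POSIX.1e-style ACL evaluation with a MASK entry (added example, not project code)."""
from dataclasses import dataclass, replace as dc_replace
from typing import Iterable, List, Optional

ACL_READ, ACL_WRITE, ACL_EXECUTE = 4, 2, 1
MASKED_TAGS = ("USER", "GROUP_OBJ", "GROUP")   # entries the mask applies to


@dataclass(frozen=True)
class AclEntry:
    tag: str                  # USER_OBJ, USER, GROUP_OBJ, GROUP, MASK, OTHER
    qualifier: Optional[int]  # uid for USER, gid for GROUP, None otherwise
    perms: int                # bitmask of ACL_READ | ACL_WRITE | ACL_EXECUTE


Acl = List[AclEntry]


def _find(acl: Acl, tag: str, qualifier: Optional[int] = None) -> Optional[AclEntry]:
    return next((e for e in acl if e.tag == tag and e.qualifier == qualifier), None)


def _grants(perms: int, requested: int) -> bool:
    return requested & ~perms == 0


def effective_perms(acl: Acl, entry: AclEntry) -> int:
    """Named users, the owning group and named groups are limited by MASK when present."""
    mask = _find(acl, "MASK")
    if mask is not None and entry.tag in MASKED_TAGS:
        return entry.perms & mask.perms
    return entry.perms


def acl_access(acl: Acl, owner_uid: int, owner_gid: int,
               uid: int, gids: Iterable[int], requested: int) -> bool:
    """First matching class decides; in the group class any matching entry
    that grants every requested bit is enough, and a group match that grants
    nothing does NOT fall through to OTHER."""
    gids = set(gids)
    if uid == owner_uid:
        return _grants(effective_perms(acl, _find(acl, "USER_OBJ")), requested)
    named = _find(acl, "USER", uid)
    if named is not None:
        return _grants(effective_perms(acl, named), requested)
    group_entries = [e for e in acl
                     if (e.tag == "GROUP_OBJ" and owner_gid in gids)
                     or (e.tag == "GROUP" and e.qualifier in gids)]
    if group_entries:
        return any(_grants(effective_perms(acl, e), requested) for e in group_entries)
    return _grants(_find(acl, "OTHER").perms, requested)


def chmod_group_bits(acl: Acl, bits: int) -> Acl:
    """Model chmod's group bits: they rewrite MASK if present, else GROUP_OBJ."""
    target = "MASK" if _find(acl, "MASK") is not None else "GROUP_OBJ"
    return [dc_replace(e, perms=bits) if e.tag == target else e for e in acl]


def _rwx(perms: int) -> str:
    return "".join(c if perms & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))


def format_acl(acl: Acl) -> List[str]:
    """getfacl-style listing, annotating entries the mask cuts down."""
    names = {"USER_OBJ": "user", "USER": "user", "GROUP_OBJ": "group",
             "GROUP": "group", "MASK": "mask", "OTHER": "other"}
    lines = []
    for e in acl:
        qual = "" if e.qualifier is None else str(e.qualifier)
        line = f"{names[e.tag]}:{qual}:{_rwx(e.perms)}"
        eff = effective_perms(acl, e)
        if eff != e.perms:
            line += f"\t# effective: {_rwx(eff)}"
        lines.append(line)
    return lines


# Constructed sample: owner 1000:1000, a named user with rwx, a named group
# with rw-, and a mask of r-- that clips both of them.
OWNER_UID, OWNER_GID = 1000, 1000
SAMPLE_ACL: Acl = [
    AclEntry("USER_OBJ", None, ACL_READ | ACL_WRITE),
    AclEntry("USER", 1001, ACL_READ | ACL_WRITE | ACL_EXECUTE),
    AclEntry("GROUP_OBJ", None, ACL_READ),
    AclEntry("GROUP", 2000, ACL_READ | ACL_WRITE),
    AclEntry("MASK", None, ACL_READ),
    AclEntry("OTHER", None, 0),
]
```

The practical consequence for an operator is that `chmod g-w` on a file with a mask does not touch the owning group's entry at all; it shrinks the mask, and every named user and group loses write at once, while the owner's own entry is unaffected.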