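# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	openbsm-devel/
#	openbsm-devel/distinfo
#	openbsm-devel/pkg-descr
#	openbsm-devel/pkg-plist
#	openbsm-devel/Makefile
#	openbsm-devel/files
#	openbsm-devel/files/auditdistd.in
#	openbsm-devel/files/pkg-message.in
#
# Review notes (shell comments only; none of this is written to the
# unpacked files):
#
# * "sh file" executes this archive with the caller's privileges. Read it
#   before running it, and unpack in an empty scratch directory as an
#   unprivileged user.
# * Every payload is a here-document with a quoted delimiter, so nothing
#   inside it is expanded by the shell; sed only strips the leading "X"
#   from each line.
# * This copy was reconstructed from a page that had lost its line breaks
#   and every <...> token. Tabs (required before the Makefile recipe
#   lines) and the two .include arguments were restored. Compare the
#   result with the upstream port before committing it.

echo c - openbsm-devel/
mkdir -p openbsm-devel/ > /dev/null 2>&1

# distinfo: expected SHA256 and size of the distfile. MASTER_SITES in the
# Makefile below are plain http, so this checksum is the integrity check
# on the downloaded tarball.
echo x - openbsm-devel/distinfo
sed 's/^X//' >openbsm-devel/distinfo << 'f0261b0a033a115d214e1b2c173c8664'
XSHA256 (openbsm-1.2-alpha3.tgz) = 88c9035e3c436b6ca5d19e9143bbc2c93b4a579da9e52fe10672cce51bd5a74e
XSIZE (openbsm-1.2-alpha3.tgz) = 691013
f0261b0a033a115d214e1b2c173c8664

echo x - openbsm-devel/pkg-descr
sed 's/^X//' >openbsm-devel/pkg-descr << '94fb26d5083c3ac6ae01b4d8317b6ea1'
XOpenBSM is an open source implementation of Sun's Basic Security Module (BSM)
XAudit API and file format. BSM, the de facto industry standard for Audit,
Xdescribes a set of system call and library interfaces for managing audit
Xrecords, as well as a token stream file format that permits extensible and
Xgeneralized audit trail processing. OpenBSM extends the BSM API and file
Xformat in a number of ways to support features present in the Mac OS X and
XFreeBSD operating systems, such as Mach task interfaces, sendfile(), and
XLinux system calls present in the FreeBSD Linux emulation layer.
X
XWWW: http://www.trustedbsd.org/openbsm.html
94fb26d5083c3ac6ae01b4d8317b6ea1

# pkg-plist: the @exec lines create the audit spool directories
# (dist 0770 owned by %%USERS%%:%%GROUPS%%, remote 0700 owned by
# %%USERS%%:wheel), mirroring the Makefile's post-install target.
# Fixed here: the first chown read "%%USERS%%:%%GROUPS" without the
# closing "%%". PLIST_SUB only replaces the full %%GROUPS%% token, so the
# group of var/audit/dist would presumably not have been set to "audit"
# on package install.
echo x - openbsm-devel/pkg-plist
sed 's/^X//' >openbsm-devel/pkg-plist << '461ef53330f481633cf86c2087548e2e'
Xinclude/bsm/audit.h
Xinclude/bsm/audit_domain.h
Xinclude/bsm/audit_errno.h
Xinclude/bsm/audit_fcntl.h
Xinclude/bsm/audit_filter.h
Xinclude/bsm/audit_internal.h
Xinclude/bsm/audit_kevents.h
Xinclude/bsm/audit_record.h
Xinclude/bsm/audit_socket_type.h
Xinclude/bsm/audit_uevents.h
Xinclude/bsm/auditd_lib.h
Xinclude/bsm/libbsm.h
Xlib/auditfilter_noop.a
Xlib/auditfilter_noop.la
Xlib/auditfilter_noop.so
Xlib/auditfilter_noop.so.0
Xlib/libauditd.a
Xlib/libauditd.la
Xlib/libauditd.so
Xlib/libauditd.so.0
Xlib/libbsm.a
Xlib/libbsm.la
Xlib/libbsm.so
Xlib/libbsm.so.0
Xsbin/audit
Xsbin/auditd
Xsbin/auditdistd
Xsbin/auditfilterd
Xsbin/auditreduce
Xsbin/praudit
X@dirrm include/bsm
X@cwd /
X@exec mkdir -m 0770 var/audit/dist
X@exec mkdir -m 0700 var/audit/remote
X@exec chown %%USERS%%:%%GROUPS%% var/audit/dist
X@exec chown %%USERS%%:wheel var/audit/remote
X@unexec rmdir var/audit/dist 2>/dev/null || true
X@unexec rmdir var/audit/remote 2>/dev/null || true
461ef53330f481633cf86c2087548e2e

# Makefile: the page showed both ".include" directives with no argument.
# They are restored as <bsd.port.pre.mk> / <bsd.port.post.mk>, the pair a
# port uses when it tests ${OSVERSION} between them. Verify against the
# upstream port.
echo x - openbsm-devel/Makefile
sed 's/^X//' >openbsm-devel/Makefile << 'a8036a523448ef25fa134c84d7e60d9f'
X# Created by: Ryan Steinmetz
X# $FreeBSD$
X
XPORTNAME=	openbsm
XDISTVERSION=	1.2-alpha3
XCATEGORIES=	security
XMASTER_SITES=	http://www.trustedbsd.org/downloads/ \
X		http://mirrors.rit.edu/zi/
X#DISTNAME=	openbsm-${DISTVERSION}
XEXTRACT_SUFX=	.tgz
X
XMAINTAINER=	zi@FreeBSD.org
XCOMMENT=	Open Source Basic Security Module (BSM) Audit Implementation
X
XLICENSE=	BSD
XLICENSE_FILE=	${WRKSRC}/LICENSE
X
XGNU_CONFIGURE=	yes
XUSE_LDCONFIG=	yes
X
XUSE_RC_SUBR=	auditdistd
XSUB_FILES=	pkg-message
XPLIST_SUB=	USERS=${USERS} GROUPS=${GROUPS}
X
XUSERS=		auditdistd
XGROUPS=		audit
X
XVARAUDIT=	/var/audit
XMAN1=		auditreduce.1 praudit.1
XMAN2=		audit.2 auditctl.2 auditon.2 getaudit.2 getauid.2 setaudit.2 \
X		setauid.2
XMAN3=		au_class.3 au_control.3 au_domain.3 au_errno.3 au_event.3 \
X		au_fcntl_cmd.3 au_free_token.3 au_io.3 au_mask.3 au_open.3 \
X		au_socket_type.3 au_token.3 au_user.3 libauditd.3 libbsm.3
XMAN5=		audit.log.5 auditdistd.conf.5 audit_class.5 audit_control.5 \
X		audit_event.5 audit_user.5 audit_warn.5
XMAN8=		auditfilterd.8 audit.8 auditd.8 auditdistd.8
X
X.include <bsd.port.pre.mk>
X
X.if ${OSVERSION} <= 800000
XIGNORE=		requires FreeBSD 8.x or above
X.endif
X
X.if ${OSVERSION} >= 1000000
XIGNORE=		is not needed under FreeBSD 10.x or higher
X.endif
X
Xpost-install:
X	@${MKDIR} -m 0770 ${VARAUDIT}/dist
X	@${MKDIR} -m 0700 ${VARAUDIT}/remote
X	@${CHOWN} ${USERS}:${GROUPS} ${VARAUDIT}/dist
X	@${CHOWN} ${USERS}:wheel ${VARAUDIT}/remote
X	@${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.post.mk>
a8036a523448ef25fa134c84d7e60d9f

echo c - openbsm-devel/files
mkdir -p openbsm-devel/files > /dev/null 2>&1

# rc.d script template: refuses to start without
# /etc/security/auditdistd.conf (required_files) and starts after auditd.
echo x - openbsm-devel/files/auditdistd.in
sed 's/^X//' >openbsm-devel/files/auditdistd.in << 'a434c9f1a3489b50d7805dff5ddac1fc'
X#!/bin/sh
X#
X# $FreeBSD$
X#
X
X# PROVIDE: auditdistd
X# REQUIRE: auditd
X# BEFORE: DAEMON
X# KEYWORD: nojail shutdown
X
X. /etc/rc.subr
X
Xname="auditdistd"
Xrcvar="${name}_enable"
Xpidfile="/var/run/${name}.pid"
Xcommand="%%PREFIX%%/sbin/${name}"
Xrequired_files="/etc/security/${name}.conf"
Xextra_commands="reload"
X
Xload_rc_config $name
Xrun_rc_command "$1"
a434c9f1a3489b50d7805dff5ddac1fc

# pkg-message: operator instructions shown after install.
# * The host/remote/password values in both auditdistd.conf samples were
#   empty on the page (one left an unbalanced quote). They are filled
#   with labelled <...> placeholders; the original wording is unknown.
# * The sender's final step was numbered "4." a second time; it is now
#   "5.". "eachother" is corrected to "each other".
# * auditdistd.conf holds the shared password and auditdistd.key.pem the
#   TLS private key; the 0600 root:wheel steps below are what keep them
#   from other local users.
echo x - openbsm-devel/files/pkg-message.in
sed 's/^X//' >openbsm-devel/files/pkg-message.in << '337131460291cc32f54535adf791d21b'
X===============================================================================
X
XAdditional configuration is required if you wish to use auditdistd:
X
XOn the receiver, perform the following:
X
X1. Generate a certificate:
X# openssl req -x509 -nodes -newkey rsa:4096 -days 1825 -batch \
X    -out /etc/security/auditdistd.cert.pem \
X    -keyout /etc/security/auditdistd.key.pem
X# chmod 0600 /etc/security/auditdistd.key.pem /etc/security/auditdistd.cert.pem
X# chown root:wheel /etc/security/auditdistd.key.pem /etc/security/auditdistd.cert.pem
X
X2. Print out the public key's fingerprint:
X# openssl x509 -in /etc/security/auditdistd.cert.pem -noout -fingerprint -sha256 | \
X    awk -F '[ =]' '{printf("%s=%s\n", $1, $3)}'
XSHA256=8F:0A:FC:8A:3D:09:80:AF:D9:AA:38:CC:8A:86:53:E6:8F:B6:1C:55:30...
X
X3. Generate a password used to authenticate both hosts against each other:
X# dd if=/dev/urandom bs=32 count=1 | openssl base64 | cut -b -32
XYjwbK69H5cEBlhcT+eJpJgJTFn5B2SrG
X
X4. Create /etc/security/auditdistd.conf configuration file:
Xreceiver {
X    host "<sender-hostname>" {
X        remote "tls://<sender-address>"
X        password "<shared-password>"
X    }
X}
X
X5. Update permissions on the auditdistd configuration file:
X# chmod 600 /etc/security/auditdistd.conf
X# chown root:wheel /etc/security/auditdistd.conf
X
X6. Add the following to /etc/rc.conf:
Xauditdistd_enable="YES"
X
X7. Start auditdistd:
Xservice auditdistd start
X
X===============================================================================
X
XOn the sender, perform the following:
X
X1. Ensure your kernel is compiled with:
Xoptions AUDIT
X
X2. Add the following to /etc/rc.conf:
Xauditd_enable="YES"
Xauditd_program="%%PREFIX%%/sbin/auditd"
Xauditdistd_enable="YES"
X
X3. Add the following to /etc/security/audit_control:
Xdist:on
X
X4. Create /etc/security/auditdistd.conf configuration file:
Xsender {
X    host "<receiver-hostname>" {
X        remote "tls://<receiver-address>"
X        fingerprint "SHA256=8F:0A:FC:8A:3D:09:80:AF:D9:AA:38:CC:8A:86:..."
X        password "<shared-password>"
X    }
X}
X
X5. Start the required daemons:
Xservice auditd start && service auditdistd start
X
XAdditional information regarding auditdistd may be found on the OpenBSM wiki:
Xhttps://wiki.freebsd.org/auditdistd
X===============================================================================
337131460291cc32f54535adf791d21b
exit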