The FreeBSD 7-CURRENT development branch includes support for Event Auditing based on the POSIX®.1e draft and Sun's published BSM API and file format. Event auditing permits the selective logging of security-relevant system events for the purposes of post-mortem analysis, system monitoring, and intrusion detection. After some settling time in FreeBSD 7-CURRENT, this support will be merged to FreeBSD 6-STABLE and appear in subsequent releases.
Warning: The audit facility in FreeBSD is considered experimental, and production deployment should occur only after careful consideration of the risks of deploying experimental software.
This chapter will focus mainly on the installation and configuration of Event Auditing. An explanation of audit policies and an example configuration will be provided for the convenience of the reader.
After reading this chapter, you will know:
What Event Auditing is and how it works.
How to configure Event Auditing on FreeBSD for users and processes.
Before reading this chapter, you should:
Understand UNIX® and FreeBSD basics (Chapter 3).
Be familiar with the basics of kernel configuration/compilation (Chapter 8).
Have some familiarity with security and how it pertains to FreeBSD (Chapter 14).
Warning: Event auditing can generate a great deal of log file data, exceeding gigabytes a week in some configurations. An administrator should read this chapter in its entirety to avoid possible self-inflicted DoS attacks due to improper configuration.
The implementation of Event Auditing in FreeBSD is similar to that of the Sun™ Basic Security Module, or BSM library. Thus, the configuration is almost completely interchangeable with Solaris™ and Mac OS X/Darwin operating systems.