---
name: openbsm-devel
version: 1.2.a3_1
origin: security/openbsm-devel
comment: Open Source Basic Security Module (BSM) Audit Implementation
arch: freebsd:9:x86:64
www: http://www.trustedbsd.org/openbsm.html
maintainer: zi@FreeBSD.org
prefix: /usr/local
licenselogic: single
licenses: [BSD]
flatsize: 782759
desc: |
  OpenBSM is an open source implementation of Sun's Basic Security Module (BSM)
  Audit API and file format. BSM, the de facto industry standard for Audit,
  describes a set of system call and library interfaces for managing audit
  records, as well as a token stream file format that permits extensible and
  generalized audit trail processing. OpenBSM extends the BSM API and file
  format in a number of ways to support features present in the Mac OS X and
  FreeBSD operating systems, such as Mach task interfaces, sendfile(), and
  Linux system calls present in the FreeBSD Linux emulation layer.

  WWW: http://www.trustedbsd.org/openbsm.html
categories: [security]
users: [auditdistd]
groups: [audit]
files:
  /usr/local/etc/rc.d/auditdistd: da5cada4cc0183ab463eebe7936b13638f22c691ffdb087782da74b976de1e78
  /usr/local/include/bsm/audit.h: 9ed7f80d7a3da7883cee7d04a5783230e6d049db19799ac52a8c6b6603f3ea40
  /usr/local/include/bsm/audit_domain.h: 243a7b75a65d724420875bc082d1d2529ecd61632b994e32878b83b03861898d
  /usr/local/include/bsm/audit_errno.h: 41cce53af69d639a973513c33bcc337e96976efce6ca95bcc1593a5c087b1139
  /usr/local/include/bsm/audit_fcntl.h: d3f1a15aca3b4ab526b3b4c0bb162c23ee770c2de29721da45171760b1cb98c5
  /usr/local/include/bsm/audit_filter.h: 05ae74cbc2c6ba5e0be98dc395aba91b91a12897e1667f7363fe17363f9ea847
  /usr/local/include/bsm/audit_internal.h: b24d5bea15088cc97e6166e35e379fce01bdd1322746b9637b1b01b738c4baec
  /usr/local/include/bsm/audit_kevents.h: 4068cccf348beab213c1170d84495d4811089a1b7585dc246ac08175fca6d504
  /usr/local/include/bsm/audit_record.h: ddca80524ce456f9c05a7421aa43a3a910f9108855516392d726bcacd6695ef2
  /usr/local/include/bsm/audit_socket_type.h: 0ca46045f0d126a31b33d221895cdf6d6843e0278f9eb0dbee80a133e8244145
  /usr/local/include/bsm/audit_uevents.h: ec53df05d283a7d2409efd3753a6e2fc2b772553f82b66cb900a310ef6c061cf
  /usr/local/include/bsm/auditd_lib.h: a0086a0d04858f5fa562266be04259144712bae22ea94cf7a3cdd7ab64de7946
  /usr/local/include/bsm/libbsm.h: 95965c3fe2128b0e0727096b2229cccc3289cfc2f0ae8ce55d2ed1ec87d7e795
  /usr/local/lib/auditfilter_noop.a: e5a85b2dea7d0da4fa0c028f042d4b6c6c09de62e8d785a711b2010f5655de58
  /usr/local/lib/auditfilter_noop.la: 2eb288d48dad1f42b12ea44a459125cd4e80540e904ea2439308ee3c4056362a
  /usr/local/lib/auditfilter_noop.so: '-'
  /usr/local/lib/auditfilter_noop.so.0: 58a5b625e8b53fbd848c73d79d0783336634f7c49c40a3a089681a3cc3a8240e
  /usr/local/lib/libauditd.a: 8e67c154e73b5fcdc2da9d1eebaaeece21c3685977da4d7dbf6932641faf06e8
  /usr/local/lib/libauditd.la: 6d88bde471d78b5506ef5977ec64a1cc5e75f611e518b5c80ad71220c73a7751
  /usr/local/lib/libauditd.so: '-'
  /usr/local/lib/libauditd.so.0: e16938ed065d5761143ac48133b05911a1bb9af80d468a49edebc9ccad0eed0c
  /usr/local/lib/libbsm.a: 26639759ca336b7a06e58e260f130854573d90a12276794b1dc3e9d2c51237bf
  /usr/local/lib/libbsm.la: e69b6d8da12ee26e349a94d35fd10617969d99505b09762fbddccc58016f37d2
  /usr/local/lib/libbsm.so: '-'
  /usr/local/lib/libbsm.so.0: d1ee3f9f4f641922719de32eac234a0f500ec6909622325c4fcb6976eada155a
  /usr/local/man/man1/auditreduce.1.gz: 003992d5c60e2b7ad6588bb782599c9d02edab9016d6cb66100c792cb2266f92
  /usr/local/man/man1/praudit.1.gz: 750716ede6adeab3769071dae7077bbb00b1979f65bc0b193278ae2a7d554c00
  /usr/local/man/man2/audit.2.gz: cf0d3c32f148c4fdd8598d32274d38dc97a5b680c5dcb2637f1b9ca42ff79341
  /usr/local/man/man2/auditctl.2.gz: ac02a427e758da2a6e838d9db19dcd77b00dc8cccfba88b4e35b2898f8170669
  /usr/local/man/man2/auditon.2.gz: 3da9ed8592e38b21f2fd1360790366e8b8f20deb7a8da44b7c60b8bfefd946e2
  /usr/local/man/man2/getaudit.2.gz: c222bf7e2f33f80855e570546efa41c659078853facea156d406defe48e3c9d7
  /usr/local/man/man2/getauid.2.gz: cb9479790bf84bcb739af161608b00318786975ca23d8ffdb85eb94a3b6cbf2a
  /usr/local/man/man2/setaudit.2.gz: ec1a02861fc69099be147713c1c6d20931a4007c5852cbd612859c6cb0b9ef14
  /usr/local/man/man2/setauid.2.gz: 9773d20a67dccd58a6933438e50e9047fdc47588b9f46db4b2fc79d2e26e1aa4
  /usr/local/man/man3/au_class.3.gz: 1f16515126d80fdf9367009187adf6be5c728399cea0b86ab083a6050ba057f6
  /usr/local/man/man3/au_control.3.gz: 6a6c86dc3e4392336d18200e9b96a4a3d83b6f9b169f9a54efb6e73892a2e6e4
  /usr/local/man/man3/au_domain.3.gz: 873144150619c6e83911c53050fdc8a863cb4e30c587c86ea0860997ab70698b
  /usr/local/man/man3/au_errno.3.gz: b6ad9b4f78e7c0b9a34e2a6f37f981d93a1bd051acaa16019ab389f476b2dbe9
  /usr/local/man/man3/au_event.3.gz: 10ffbaab76c3b74ae4db49bb68e6dfca2d88f1c23c07c3215595c72d7f309630
  /usr/local/man/man3/au_fcntl_cmd.3.gz: 983282d7e6dc2c2c91aad111cc1947d1080ea3f8cefde820d67d3a284fcdbd7e
  /usr/local/man/man3/au_free_token.3.gz: 3a0c1c855e093935c7212dc527eb017e1275fc6fa0f422a1d3a7f3b077ec11fd
  /usr/local/man/man3/au_io.3.gz: e977012ba85aefa60a7db94730b10b50f570c5ee5d567e93e2098794934adff7
  /usr/local/man/man3/au_mask.3.gz: b39af58bb8620233880f1c73b7d802666b49c4483c48a744dd82633e2868c7ef
  /usr/local/man/man3/au_open.3.gz: f1c47cc54c43739dc20bf885be0f0b5f6b372ef5dc01f33d424defc28895328c
  /usr/local/man/man3/au_socket_type.3.gz: d56602dc972d55e77fd193b7f17daafd1498591d8c881f97b8a11033a6a006f0
  /usr/local/man/man3/au_token.3.gz: aa8de7cf1d3efa4ca5be43487ef593abf77dfb4fb535ece3ebcf7e35c5dcd1ed
  /usr/local/man/man3/au_user.3.gz: b8a1bbdca72d13cc1620d34deb14479f31e7b8659e71bb3b4ed883c596fdb459
  /usr/local/man/man3/libauditd.3.gz: 555a8b4ccc3d093381368ecadd4a560ad370e901840733c45f21660d583bc048
  /usr/local/man/man3/libbsm.3.gz: 047dfb57882acbe414d7c0489f094d9cab2bcdb39469c8282788ce5825e89f54
  /usr/local/man/man5/audit.log.5.gz: 297c05a4cccf04d716b3342a5bb3655875521be8a330d7570631e8fddeda8aeb
  /usr/local/man/man5/audit_class.5.gz: 527cfa3c1e3f609caafa49de3b50e8c35c92832998b92dc385a9411816eaaeed
  /usr/local/man/man5/audit_control.5.gz: 04a3446335cdba15560fa2119ce8df983bddf4a73095eb285bcb017ed415214c
  /usr/local/man/man5/audit_event.5.gz: 26b629b5bf84864050499feb345b6e419a521442bba3adbf277172168f3d5420
  /usr/local/man/man5/audit_user.5.gz: 11b59e3e1dab2244c4ea8801dfe4260593af0e12ec5c4550d2fb5fc90d9188e3
  /usr/local/man/man5/audit_warn.5.gz: be8e59f0b9e1b3405a4bccca01b02442a079263b5010bdc3e605310a6ea9c338
  /usr/local/man/man5/auditdistd.conf.5.gz: 7a84479ad93362d3ce1cd81e2cc57c56bae36c3aa45f1681d07459afe3972b11
  /usr/local/man/man8/audit.8.gz: 27f630bf1b6acdbb566b0fb2387cc4354aa395d7ebc258acd38a2ed89ef1d000
  /usr/local/man/man8/auditd.8.gz: 665d86e2d58e43317c434acde95f06594e6a0128c3d019b878466ba503c9c7cf
  /usr/local/man/man8/auditdistd.8.gz: faaa2ab1a55119b4c8e215731a82dc9a0d1c478e484b712ab514a58f8234fcbe
  /usr/local/man/man8/auditfilterd.8.gz: 96e6dc46089192060a2aa9feaad81034610a6bd8d85bad31b4c86f038f404a63
  /usr/local/sbin/audit: 4eba8ec83a214bd3e3d5fa68b7a5a321d47632bc08655f73d7727a8ab398aaa5
  /usr/local/sbin/auditd: 5b7227446c5ce3f88fc88914fb8f35c03990f02593e204ec13586c27b2fe4af9
  /usr/local/sbin/auditdistd: ea27de26a405a1764e3dd84bb6472abf350555499b7019d892f9bf0204f94cec
  /usr/local/sbin/auditfilterd: 62776d9705b76788fae3974665e5403df7c3a347c9413b1da5388b0f26ecf79e
  /usr/local/sbin/auditreduce: d390a90dd06d6a159aa86d4e2ce255333f85fb842536ab6e8c71a9c520adc612
  /usr/local/sbin/praudit: c4f37f2e45bcf01cfe7380cfe9564e6396277af971c2a40aa561e5cf5303b764
  /usr/local/share/licenses/openbsm-devel-1.2.a3_1/BSD: fb4228125627e8d0d1f1fa590ac16622f5413b50f7b64814e02a193ff99cfd63
  /usr/local/share/licenses/openbsm-devel-1.2.a3_1/LICENSE: d9cce0db43502eb1bd8fbef7e960cfaa43b5647186f7f7379923b336209fd77b
  /usr/local/share/licenses/openbsm-devel-1.2.a3_1/catalog.mk: 8cd8e54ca975cd5d79368dba373659dab97fe1bb7ab389111c3ad37bc5b5e385
directories:
  /var/audit/remote/: y
  /var/audit/dist/: y
  /usr/local/share/licenses/openbsm-devel-1.2.a3_1/: n
  /usr/local/share/licenses/: y
  /usr/local/include/bsm/: n
scripts:
  post-install: |
    echo "===> Creating users and/or groups."
    if ! /usr/sbin/pw groupshow audit >/dev/null 2>&1; then  echo "Creating group 'audit' with gid '77'.";  /usr/sbin/pw groupadd audit -g 77; else echo "Using existing group 'audit'."; fi
    if ! /usr/sbin/pw usershow auditdistd >/dev/null 2>&1; then  echo "Creating user 'auditdistd' with uid '78'.";  /usr/sbin/pw useradd auditdistd -u 78 -g 77  -c "Auditdistd unprivileged user" -d /var/empty -s /usr/sbin/nologin;  else echo "Using existing user 'auditdistd'."; fi
    cd /
    mkdir -m 0770 var/audit/dist
    mkdir -m 0700 var/audit/remote
    chown auditdistd:audit var/audit/dist
    chown auditdistd:wheel var/audit/remote
    /sbin/ldconfig -m /usr/local/lib
    cd /usr/local
    cd /usr/local
  pre-deinstall: |
    cd /
    /sbin/ldconfig -R
    cd /usr/local
    cd /usr/local
  post-deinstall: |
    cd /
    cd /usr/local
    cd /usr/local
message: "===============================================================================\n\nAdditional
  configuration is required if you wish to use auditdistd:\n\nOn the receiver, perform
  the following:\n\n1. Generate a certificate:\n# openssl req -x509 -nodes -newkey
  rsa:4096 -days 1825 -batch \\\n\t-out /etc/security/auditdistd.cert.pem \\\n\t-keyout
  /etc/security/auditdistd.key.pem\n# chmod 0600 /etc/security/auditdistd.key.pem
  /etc/security/auditdistd.cert.pem\n# chown root:wheel /etc/security/auditdistd.key.pem
  /etc/security/auditdistd.cert.pem\n\n2. Print out the public key's fingerprint:\n#
  openssl x509 -in /etc/security/auditdistd.cert.pem -noout -fingerprint -sha256 |
  \\\n        awk -F '[ =]' '{printf(\"%25s=%25s\\n\", $1, $3)}'\nSHA256=8F:0A:FC:8A:3D:09:80:AF:D9:AA:38:CC:8A:86:53:E6:8F:B6:1C:55:30...\n\n3.
  Generate a password used to authenticate both hosts against eachother:\n# dd if=/dev/urandom
  bs=32 count=1 | openssl base64 | cut -b -32\nYjwbK69H5cEBlhcT+eJpJgJTFn5B2SrG\n\n4.
  Create /etc/security/auditdistd.conf configuration file: \nreceiver {\n\thost \"<enter
  hostname of sender here> {\n\t\tremote \"tls://<enter IP of sender here>\"\n\t\tpassword
  \"<enter password generated above here>\"\n\t}\n}\n\n5. Update permissions on the
  auditdistd configuration file:\n# chmod 600 /etc/security/auditdistd.conf\n# chown
  root:wheel /etc/security/auditdistd.conf\n\n6. Add the following to /etc/rc.conf:\nauditdistd_enable=\"YES\"\n\n7.
  Start auditdistd:\nservice auditdistd start\n\n===============================================================================\n\nOn
  the sender, perform the following:\n\n1. Ensure your kernel is compiled with:\noptions\t\tAUDIT\n\n2.
  Add the following to /etc/rc.conf:\nauditd_enable=\"YES\"\nauditd_program=\"/usr/local/sbin/auditd\"\nauditdistd_enable=\"YES\"\n\n3.
  Add the following to /etc/security/audit_control:\ndist:on\n\n4. Create /etc/security/auditdistd.conf
  configuration file:\nsender {\n\thost \"<enter hostname of receiver here>\" {\n\tremote
  \"tls://<enter IP of the receiver here>\"\n\tfingerprint \"SHA256=8F:0A:FC:8A:3D:09:80:AF:D9:AA:38:CC:8A:86:...\"\n\tpassword
  \"<enter password generated above here>\"\n\t}\n}\n\n4. Start the required daemons:\nservice
  auditd start && service auditdistd start\n\nAdditional information regarding auditdistd
  may be found on the OpenBSM wiki:\nhttps://wiki.freebsd.org/auditdistd\n===============================================================================\n"
