FreshPorts -- The Place For Ports Sat, 4 Feb 2012 2:36 AM GMT
Port details
bsmtrace 1.3 security
BSM based intrusion detection system
Maintained by: alm@FreeBSD.org
Port Added: 15 Jul 2007 17:47:52
License: not specified in port


bsmtrace is a BSM-based intrusion detection system that uses audit trails
and real-time audit event analysis through auditpipe(4).  This host-based
IDS operates on finite state machine principles with a flexible
sequence-driven signature system.

WWW: http://people.freebsd.org/~csjp/bsmtrace/bsmtrace.txt
CVSWeb : Sources : Main Web Site : Distfiles Availability : PortsMon

There are no ports dependent upon this port

To install the port: cd /usr/ports/security/bsmtrace/ && make install clean
To add the package: pkg_add -r bsmtrace


Configuration Options
     No options to configure

Master Sites:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/csjp/
ftp://ftp.se.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/csjp/
ftp://ftp.uk.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/csjp/
ftp://ftp.ru.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/csjp/
ftp://ftp.jp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/csjp/
ftp://ftp.tw.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/csjp/
ftp://ftp.cn.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/csjp/
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/

Number of commits found: 3

Commit History - (may be incomplete: see CVSWeb link above for full details)
Date | By | Description
06 Jun 2011 17:06:36
Version 1.3
csjp
Update bsmtrace port to version 1.3

-Add support for larger set sizes (for group/user specifications)
-Add the ability to pass the effective uid to a trigger
-Fixed bug which resulted in "status" being ignored for single
 state sequences
-Added support for logging channels.
-Added support for state triggers.
-Fixed bug where alerts were being produced for state machines
 that have been expired. (Alerts have already been generated).
-Fixed two memory leaks which could really impact systems with high
 volumes of audit records.

Approved by:    wxs
Reviewed by:    alm (maintainer)

24 Oct 2007 01:08:36
Version 1.1.0
csjp
Update bsmtrace to 1.1.0.

1.1.0 fixes a pretty serious bug which resulted in BSM records without
pathname tokens being processed in some cases.

Additionally, timeout-window and timeout-probability features were added
to allow people defining sequences with timeouts to add an element of
randomness to the timeout, in theory making it more difficult for people
to attack.

timeout 60;
timeout-window 10;
timeout-probability 65;

Basically equates to:

"This sequence should timeout in a random amount of time, where the
 probability of the timeout being from 60-70 is 65%"

It should be noted that there is a probability of 35% that the value will
be completely random.  So naturally, the lower the timeout-probability, the
more random the timeout will be.

Approved by:    tmclaugh

15 Jul 2007 17:46:42
Version 1.0.3
csjp
Add the bsmtrace port.

bsmtrace is an audit driven host based intrusion detection system which
operates on finite state machine principles.  Since it's audit driven,
it requires that operating system security auditing be enabled. This
requires FreeBSD 6.2 at a minimum.  By default it provides real-time
analysis through the use of an audit pipe, however it can operate on
regular audit trail files as well.

Approved by:    Pav
Reviewed by:    Pav (and others)
