path: root/security/bsmtrace
Commit message / Author / Age / Files / Lines
* Update bsmtrace to 1.1.0. (csjp, 2007-10-24, 2 files changed, -4/+4)

  1.1.0 fixes a pretty serious bug which resulted in BSM records without
  pathname tokens being processed in some cases.

  Additionally, timeout-window and timeout-probability features were added
  to allow people defining sequences with timeouts to add an element of
  randomness to the timeout, in theory making it more difficult for people
  to attack.

      timeout 60;
      timeout-window 10;
      timeout-probability 65;

  Basically equates to: "This sequence should timeout in a random amount of
  time, where the probability of the timeout being from 60-70 is 65%"

  It should be noted that there is a probability of 35% that the value will
  be completely random. So naturally, the lower the timeout-probability, the
  more random the timeout will be.

  Approved by: tmclaugh
* Add the bsmtrace port. (csjp, 2007-07-16, 5 files changed, -0/+64)

  bsmtrace is an audit-driven, host-based intrusion detection system which
  operates on finite state machine principles. Since it's audit driven, it
  requires that operating system security auditing be enabled. This requires
  FreeBSD 6.2 at a minimum.

  By default it provides real-time analysis through the use of an audit
  pipe; however, it can operate on regular audit trail files as well.

  Approved by: Pav
  Reviewed by: Pav (and others)