[NEW] security/bsmtrace3: BSM based intrusion detection system

Description

bsmtrace is a BSM based intrusion detection system, utilizing audit trails
and real-time audit event analysis through auditpipe(4). This host based
IDS operates using finite state machine principles with a flexible
sequence driven signature system.

WWW: https://www.github.com/openbsm/bsmtrace

This is a repocopy of security/bsmtrace, updated to recently-released 3.x.
There are breaking changes between 1.x and 3.x, so it was decided to create
a new port to give consumers some time to update their configs. The old
security/bsmtrace should be deprecated in fairly short order, after
bsmtrace3 has received a little bit of soak time in ports.

bsmtrace 3.x, compared to the previous port, offers the following new features:

  • Set arrays will now resize on the fly, so the size limits should be no more
  • Logging channels have been removed, there's now one logfile directive that can be applied at the global level to switch the logfile, assuming the -l logdir option is in use
  • Other config files can now be included with the 'include' directive; globs are not currently supported, paths are relative to the primary config file
  • Sequences can now be configured to match on the jail name with the per-sequence zone directive; valid values are: any, none, or a glob string that matches the jail name. Any = any jail, not the host. None = Only the host, no jails.

Other points:

  • The Makefile patch is no longer needed as PCRE is now a mandatory dependency.
  • The dprintf(3) conflict is no more, so the rest of the patches also disappear.
  • This port now installs manpages to ${PREFIX}/share/man as per recent guidelines to reflect base hierarchy.
  • MAINTAINER remains csjp with the OpenBSM/TrustedBSD project.

Approved by: koobs (mentor)
Differential Revision: https://reviews.freebsd.org/D24437
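The zone and include semantics described in the commit message, as an added illustrative example. This is not bsmtrace's own code (which is C) and not its configuration syntax; it models the behaviour the message states: a sequence is a small finite state machine that advances on matching audit events, the per-sequence zone directive selects host versus jails (any = any jail but not the host, none = host only, otherwise a glob on the jail name), and include paths resolve relative to the primary config file with globs unsupported. Assumptions made here and not on the page: the default zone of "none", tracking progress per (subject, jail) pair, no timeouts, a non-matching event neither advancing nor resetting the machine, and rejecting glob characters in include paths rather than treating them literally. The audit events are constructed inline; real bsmtrace reads BSM records from auditpipe(4).

```python
import os
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import Dict, List, Optional, Tuple


@dataclass
class AuditEvent:
    """One audit record reduced to the fields the matcher needs.
    Constructed for this example; bsmtrace reads real BSM records from auditpipe(4)."""
    event: str            # BSM event name, e.g. "AUE_EXECVE"
    subject: str          # audit user the record is attributed to
    jail: Optional[str]   # jail name, or None when the event came from the host


def zone_matches(zone: str, jail: Optional[str]) -> bool:
    """Zone directive semantics as stated in the commit message:
    'any' = any jail but not the host, 'none' = host only,
    anything else is a glob that must match the jail name."""
    if zone == "any":
        return jail is not None
    if zone == "none":
        return jail is None
    return jail is not None and fnmatchcase(jail, zone)


@dataclass
class Sequence:
    """A signature: event names that must be seen in order from the same
    (subject, jail) pair.  Simplified for the example: no timeouts, and an
    event that does not match the current state is ignored (assumption)."""
    name: str
    states: List[str]
    zone: str = "none"    # assumed default for this example only
    progress: Dict[Tuple[str, Optional[str]], int] = field(default_factory=dict)

    def feed(self, ev: AuditEvent) -> bool:
        """Advance the machine for ev's (subject, jail); True when it fires."""
        if not zone_matches(self.zone, ev.jail):
            return False
        key = (ev.subject, ev.jail)
        pos = self.progress.get(key, 0)
        if ev.event != self.states[pos]:
            return False
        pos += 1
        if pos == len(self.states):
            self.progress.pop(key, None)   # reset so the signature can fire again
            return True
        self.progress[key] = pos
        return False


def run(sequences: List[Sequence], events: List[AuditEvent]) -> List[Tuple[str, str, Optional[str]]]:
    """Feed every event to every sequence; return (sequence, subject, jail) per match."""
    alerts = []
    for ev in events:
        for seq in sequences:
            if seq.feed(ev):
                alerts.append((seq.name, ev.subject, ev.jail))
    return alerts


def resolve_include(primary_config: str, include_path: str) -> str:
    """Resolve an 'include' path relative to the primary config file.
    Globs are not supported; this example rejects them (assumption: real
    bsmtrace may instead treat the characters literally)."""
    if any(c in include_path for c in "*?["):
        raise ValueError("globs are not supported in include paths: %r" % include_path)
    if os.path.isabs(include_path):
        return os.path.normpath(include_path)
    return os.path.normpath(os.path.join(os.path.dirname(primary_config), include_path))


def run_example() -> List[Tuple[str, str, Optional[str]]]:
    """Same two-step signature scoped three ways: host only, any jail, jails named web*."""
    steps = ["AUE_EXECVE", "AUE_SETUID"]
    sequences = [
        Sequence("host_priv_change", steps, zone="none"),
        Sequence("jail_priv_change", steps, zone="any"),
        Sequence("web_jail_priv_change", steps, zone="web*"),
    ]
    events = [                                        # constructed sample trail
        AuditEvent("AUE_EXECVE", "root", None),       # host
        AuditEvent("AUE_OPEN_R", "root", None),       # unrelated event, does not reset
        AuditEvent("AUE_SETUID", "root", None),       # host sequence completes
        AuditEvent("AUE_EXECVE", "www", "web1"),
        AuditEvent("AUE_SETUID", "www", "web1"),      # fires 'any' and 'web*' sequences
        AuditEvent("AUE_EXECVE", "ops", "mgmt"),      # never completes, no alert
        AuditEvent("AUE_EXECVE", "db", "dbjail"),
        AuditEvent("AUE_SETUID", "db", "dbjail"),     # fires 'any' only
    ]
    return run(sequences, events)


if __name__ == "__main__":
    for alert in run_example():
        print(alert)
    print(resolve_include("/usr/local/etc/bsmtrace.conf", "sequences/ssh.conf"))
```

Keying progress on (subject, jail) is what keeps the host and each jail from completing one another's sequences, which is the point of scoping a signature with zone; the example config path under /usr/local/etc is only illustrative.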

Details

Provenance: Authored by kevans
Differential Revision: D24437: New port: security/bsmtrace3
Parent: rP532476: update to 0.34.1