FreeBSD has an audit subsystem which is responsible for monitoring a variety of security-relevant system events, such as user-logins, configuration changes, file system & network access. Although the audit framework is indispensable for security conscious organizations running FreeBSD servers, currently there is no tool to test its reliability and the intended behavior.
The project aims to develop a regression test-suite, which will evaluate the audit framework for proper logging of most auditable system calls classified in TCP/IP & UDP sockets, File I/O, process control and device management, along with the semantics of audit trail's BSM/XML/ text output.
BSM tokens can be obtained via synchronous I/O multiplexing on a special clonable device
/dev/auditpipe, by configuring various preselection parameters for local mode auditing with the provided IOCTLs. Several
libbsm(3) APIs and functions within the FreeBSD kernel can be used to analyze syscall tokens in the audit record. Finally,
kyua(7)'s run-time engine will be used to automate regression testing of entire operating system at once,