head	1.3;
access;
symbols
	RELEASE_8_3_0:1.3
	RELEASE_9_0_0:1.3
	RELEASE_7_4_0:1.2
	RELEASE_8_2_0:1.2
	RELEASE_6_EOL:1.2
	RELEASE_8_1_0:1.2
	RELEASE_7_3_0:1.2
	RELEASE_8_0_0:1.2
	RELEASE_7_2_0:1.2
	RELEASE_7_1_0:1.2
	RELEASE_6_4_0:1.2
	RELEASE_5_EOL:1.2
	RELEASE_7_0_0:1.2
	RELEASE_6_3_0:1.2;
locks; strict;
comment	@# @;


1.3
date	2011.06.06.17.06.36;	author csjp;	state Exp;
branches;
next	1.2;

1.2
date	2007.10.24.01.08.36;	author csjp;	state Exp;
branches;
next	1.1;

1.1
date	2007.07.15.17.46.41;	author csjp;	state Exp;
branches;
next	;


desc
@@


1.3
log
@Update bsmtrace port to version 1.3

-Add support for larger set sizes (for group/user specifications)
-Add the ability to pass the effective uid to a trigger
-Fixed bug which resulted in "status" being ignored for single
 state sequences
-Added support for logging channels.
-Added support for state triggers.
-Fixed bug where alerts were being produced for state machines
 that have been expired. (Alerts have already been generated).
-Fixed two memory leaks which could really impact systems with high
 volumes of audit records.

Approved by:	wxs
Reviewed by:	alm (maintainer)
@
text
@SHA256 (bsmtrace-1.3.tar.gz) = b5e59f8f8c82a41f090c3ec869fa7393b4cb56b5b59b135802c8772d1bebdcd9
SIZE (bsmtrace-1.3.tar.gz) = 25144
@


1.2
log
@Update bsmtrace to 1.1.0.

1.1.0 fixes a pretty serious bug which resulted in BSM records without
pathname tokens being processed in some cases.

Additionally, timeout-window and timeout-probability features were added
to allow people defining sequences with timeouts to add an element of
randomness to the timeout, in theory making it more difficult for people
to attack.

timeout 60;
timeout-window 10;
timeout-probability 65;

Basically equates to:

"This sequence should time out in a random amount of time, where the
 probability of the timeout being from 60-70 is 65%"

It should be noted that there is a probability of 35% that the value will
be completely random.  So naturally, the lower the timeout-probability, the
more random the timeout will be.

Approved by:	tmclaugh
@
text
@d1 2
a2 3
MD5 (bsmtrace-1.1.0.tar.gz) = badeb03b0bdc60c1f0a7e8c48ab72da8
SHA256 (bsmtrace-1.1.0.tar.gz) = cf4299d2a08cf4f884f1788fe668682878015d83d1e9b1e64da897d91fc31206
SIZE (bsmtrace-1.1.0.tar.gz) = 23893
@


1.1
log
@Add the bsmtrace port.

bsmtrace is an audit-driven, host-based intrusion detection system which
operates on finite state machine principles.  Since it's audit-driven,
it requires that operating system security auditing be enabled. This
requires FreeBSD 6.2 at a minimum.  By default it provides real-time
analysis through the use of an audit pipe, however it can operate on
regular audit trail files as well.

Approved by:	Pav
Reviewed by:	Pav (and others)
@
text
@d1 3
a3 3
MD5 (bsmtrace-1.0.3.tar.gz) = a1199983d6121011cdf16e7c1a10a3df
SHA256 (bsmtrace-1.0.3.tar.gz) = 41853c30a7c2bad821f8cb88f66640637821b7d2ac53db5abecfc8797645bd25
SIZE (bsmtrace-1.0.3.tar.gz) = 22170
@

