From 754fbb67ae6fa89007a986e067c8ce4a2027e8aa Mon Sep 17 00:00:00 2001 From: "Bruce A. Mah" Date: Sat, 2 Sep 2006 16:25:50 +0000 Subject: [PATCH] New release notes: audit(4) (somewhat belatedly, now that I marginally understand how this feature works), cp(1) -l (+MFC), pkill(1)/pgrep(1) to /bin, lukemftpd 20060831. Updated release notes: OpenBSM 1.0a10 (also do a minor markup fix, +MFC). MFCs noted: OpenBSM userland, freebsd-update(8), rc.d/auditd. --- .../doc/en_US.ISO8859-1/relnotes/article.sgml | 31 +++++++++++++++---- .../en_US.ISO8859-1/relnotes/common/new.sgml | 31 +++++++++++++++---- 2 files changed, 50 insertions(+), 12 deletions(-) diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml index 783de943636..a74c6c8c2ff 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml @@ -219,6 +219,11 @@ The &man.apm.4; suspend/resume support has been improved. + Security event auditing is now supported in the &os; kernel, + and is enabled by the AUDIT kernel + configuration option. More information can be found in the + &man.audit.4; manual page. + The options COMPAT_43 kernel configuration option has been deemed unnecessary and has been removed from GENERIC and related kernel @@ -1059,7 +1064,7 @@ geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key" The OpenBSM userland tools, including &man.audit.8;, &man.auditd.8;, &man.auditreduce.1;, and - &man.praudit.1;, have been added. + &man.praudit.1;, have been added. &merged; The &man.bsdiff.1; and &man.bspatch.1; utilities have been added. These are tools for constructing and @@ -1084,6 +1089,10 @@ geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key" kernel configuration file if it exists in the current directory before the specified configuration file. &merged; + The &man.cp.1; utility now supports a + option, which causes it to create hardlinks to the source files + instead of copying them. &merged; + The &man.csh.1; utility now supports NLS catalogs. Note that this requires installing the shells/tcsh_nls port. @@ -1119,7 +1128,7 @@ geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key" has been fixed. The &man.freebsd-update.8; utility, a tool for managing - binary updates to the &os; base system, has been added. + binary updates to the &os; base system, has been added. &merged; The &man.ftpd.8; utility now creates a PID file /var/run/ftpd.pid even when @@ -1361,6 +1370,12 @@ geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key" will ask for confirmation before sending a signal to each matching process. + The &man.pkill.1; utility (also known as &man.pgrep.1;) has + been moved from /usr/bin + to /bin so that it can be used by startup + scripts. Symbolic links from its former location have been + created for backward compatibliity. &merged; + The &man.powerd.8; program now supports a option, which specifies a pidfile to use. @@ -1464,7 +1479,7 @@ geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key" <filename>/etc/rc.d</filename> Scripts The auditd script for - OpenBSM &man.auditd.8; has been added. + OpenBSM &man.auditd.8; has been added. &merged; The bluetooth script has been added. This script will be called from @@ -1597,6 +1612,10 @@ mdconfig_md1="-t vnode -f /var/foo.img" less has been updated from v381 to v394. &merged; + lukemftpd has been updated from a + snapshot from NetBSD as of 9 August 2004 to a snapshot from + NetBSD as of 31 August 2006. + OpenSSH has been updated from 4.2p1 to 4.3p1. @@ -1618,15 +1637,15 @@ mdconfig_md1="-t vnode -f /var/foo.img" snapshot from OpenBSD as of 20060831. TrustedBSD OpenBSM, - version 1.0 alpha 9, an implementation of the documented Sun Basic + version 1.0 alpha 10, an implementation of the documented Sun Basic Security Module (BSM) Audit API and file format, as well as local - extensions to support the Mac OS X and FreeBSD operating systems + extensions to support the Mac OS X and &os; operating systems has been added. This also includes command line tools for audit trail reduction and conversion to text, as well as documentation of the commands, file format, and APIs. For this functionality, the AUDIT kernel option, /var/audit directory, and - audit group have been added. + audit group have been added. &merged; WPA Supplicant has been updated from version 0.3.9 to version 0.4.8. diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml index 783de943636..a74c6c8c2ff 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml @@ -219,6 +219,11 @@ The &man.apm.4; suspend/resume support has been improved. + Security event auditing is now supported in the &os; kernel, + and is enabled by the AUDIT kernel + configuration option. More information can be found in the + &man.audit.4; manual page. + The options COMPAT_43 kernel configuration option has been deemed unnecessary and has been removed from GENERIC and related kernel @@ -1059,7 +1064,7 @@ geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key" The OpenBSM userland tools, including &man.audit.8;, &man.auditd.8;, &man.auditreduce.1;, and - &man.praudit.1;, have been added. + &man.praudit.1;, have been added. &merged; The &man.bsdiff.1; and &man.bspatch.1; utilities have been added. These are tools for constructing and @@ -1084,6 +1089,10 @@ geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key" kernel configuration file if it exists in the current directory before the specified configuration file. &merged; + The &man.cp.1; utility now supports a + option, which causes it to create hardlinks to the source files + instead of copying them. &merged; + The &man.csh.1; utility now supports NLS catalogs. Note that this requires installing the shells/tcsh_nls port. @@ -1119,7 +1128,7 @@ geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key" has been fixed. The &man.freebsd-update.8; utility, a tool for managing - binary updates to the &os; base system, has been added. + binary updates to the &os; base system, has been added. &merged; The &man.ftpd.8; utility now creates a PID file /var/run/ftpd.pid even when @@ -1361,6 +1370,12 @@ geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key" will ask for confirmation before sending a signal to each matching process. + The &man.pkill.1; utility (also known as &man.pgrep.1;) has + been moved from /usr/bin + to /bin so that it can be used by startup + scripts. Symbolic links from its former location have been + created for backward compatibliity. &merged; + The &man.powerd.8; program now supports a option, which specifies a pidfile to use. @@ -1464,7 +1479,7 @@ geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key" <filename>/etc/rc.d</filename> Scripts The auditd script for - OpenBSM &man.auditd.8; has been added. + OpenBSM &man.auditd.8; has been added. &merged; The bluetooth script has been added. This script will be called from @@ -1597,6 +1612,10 @@ mdconfig_md1="-t vnode -f /var/foo.img" less has been updated from v381 to v394. &merged; + lukemftpd has been updated from a + snapshot from NetBSD as of 9 August 2004 to a snapshot from + NetBSD as of 31 August 2006. + OpenSSH has been updated from 4.2p1 to 4.3p1. @@ -1618,15 +1637,15 @@ mdconfig_md1="-t vnode -f /var/foo.img" snapshot from OpenBSD as of 20060831. TrustedBSD OpenBSM, - version 1.0 alpha 9, an implementation of the documented Sun Basic + version 1.0 alpha 10, an implementation of the documented Sun Basic Security Module (BSM) Audit API and file format, as well as local - extensions to support the Mac OS X and FreeBSD operating systems + extensions to support the Mac OS X and &os; operating systems has been added. This also includes command line tools for audit trail reduction and conversion to text, as well as documentation of the commands, file format, and APIs. For this functionality, the AUDIT kernel option, /var/audit directory, and - audit group have been added. + audit group have been added. &merged; WPA Supplicant has been updated from version 0.3.9 to version 0.4.8.