1.1.0 fixes a pretty serious bug which resulted in BSM records without
pathname tokens being processed in some cases.
Additionally, timeout-window and timeout-probability features were added
to allow people defining sequences with timeouts to add an element of
randomness to the timeout, in theory making it more difficult for people
to attack.
timeout 60;
timeout-window 10;
timeout-probability 65;
Basically equates to:
"This sequence should timeout in a random amount of time, where the
probability of the timeout being from 60-70 is 65%"
It should be noted that there is a probability of 35% that the value will
be completely random. So naturally, the lower the timeout-probability, the
more random the timeout will be.
Approved by: tmclaugh
bsmtrace is a audit driven host based intrusion detection system which
operates on finite state machine principles. Since it's audit driven,
it requires that operating system security auditing be enabled. This
requires FreeBSD 6.2 at a minimum. By default it provides real-time
analysis through the use of an audit pipe, however it can operate on
regular audit trail files as well.
Approved by: Pav
Reviewed by: Pav (and others)
