BSMpseu 0.1.6 - Pseudonymizer for Solaris Audit TrailsCopyright © 2002, 2003 by Konrad Rieck
BSMpseu pseudonymizes records from Solaris BSM audit trail files. Personal data such as user IDs, group IDs, etc. is replaced with pseudonyms, so that the generated output doesn't reveal private information about the system's users, but still preserves a maximum of integrity and consistency.
BSMpseu has been designed with efficiency and privacy in mind, but doesn't offer cryptographic strong security, as proposed in some research papers, in order to ensure a realistic performance.
* The Solaris logo is a registered trademark or trademark of Sun Microsystems, Inc.
BSMpseu sequentially reads one or more input audit trail files and writes the pseudonymized audit trail to standard output. The input and output audit trail files can be in plain BSM audit or in zlib(3) / gzip(1) compressed format. bsmpseu pseudonymizes a 200MB audit trail file on a plain Sun Ultra 10 in 50 seconds and pseudonymizes and com presses the same file within 8 minutes.
Depending on the type of information, the personal data is replaced by random data, cleared/blanked or shifted by a random value. Details are listed below.
User IDs, Group IDs and Process IDs
Execution Arguments and Environment
For more information, see the manual page bsmpseu(1) form the source package.
This will pseudonymize the content of the specified audit files using the default options and display the pseudonymized audit records in human-readable form using the Solaris command praudit(1M):
% bsmpseu /export/audit/* | praudit
BSMpseu is able to generate compressed output using the -z options, but it is also able to read compressed input audit trail files, as shown in the example below.
% bsmpseu /export/audit/friday.bsm.gz > /tmp/audit.bsm
Often it is not useful to pseudonymize all data types in an audit trail file. The example below shows the use of the BSMpseu tool where the process IDs and internet addresses are not pseudonymized.
% bsmpseu -P -A /var/audit/audit.bsm > /tmp/audit.bsm