My company runs a few Certificate Authorities for the government that conform to some pretty stringent security standards. Since the standards were written a decade ago, they specifically refer to Solaris and the BSM (Basic Security Module). Solaris is a slowly dying OS at this point--Oracle may have purchased Sun, but a lot of their newer hardware offerings, notably the "Exa" line, are designed around Linux--so I need to be able to fulfill the audit requirements on Linux.
I started by looking for BSM outside of Solaris, but it appears OpenBSD and FreeBSD are where this has all gone. Apple paid someone to port it for them, so the OpenBSM project is quite far along on the BSD variants, but the Linux side is stalled waiting on someone to rewrite the out-of-the-box auditd. Ugh.
Does anyone work on the government side with similar requirements? I really need to find a kernel-level auditing solution for Linux that is going to make it past the auditors.