This package contains a prerelease of the
FreeBSD port of systrace.  

Systrace is an 'intrusion prevention' tool.

It was written by Niels Provos
<provos@citi.umich.edu> and is part of
OpenBSD.

It filters system calls (think tcpwrappers
for the kernel).  It can be configured to
reject certain system calls entirely for a
specified process, or only those calls
passing arguments that match a specified
pattern (regular expression).


Consider this a proof of concept only.

The port is *not* stable at this point. It
compiles cleanly on FreeBSD 4.5, but hasn't
been tested in any way.  

To build a kernel:

sys.diffs contains the diffs relative to
FreeBSD 4.5 Release to kernel sources.

cd /usr/src
patch -p0 <sys.diffs
cd i386/conf
config GENERIC
cd ../../compile/GENERIC
make depend
make

the usr directory contains the user land
systrace utility and X client that displays
notifications.

cd usr
make

