--- "Sponsler, Mike" <sponslerm(a)netcsc.com> wrote:
From: "Sponsler, Mike" <sponslerm(a)netcsc.com>
To: linux-audit(a)redhat.com
Date: Thu, 16 Mar 2006 17:12:45 +0000
Subject: Linux audit v. Solaris audit
Is the audit daemon for Linux similar to the audit
daemon for Solaris 10? Specifically, does it do BSM auditing?

BSM is Sun's way to say "C2" without actually
committing to completely meeting the C2
requirements. C2 is the archaic security
specification that is the basis for the Common
Criteria Controlled Access Protection Profile
(CAPP). Linux Audit is designed to exceed the
CAPP requirements.
BSM and Linux Audit are independent*
implementations of facilities that are
intended to meet the same need. BSM
is older and based on older criteria.
Linux Audit is newer and based on
modern (as of today) criteria. The two
mechanisms take different approaches
to the problem, but in the end are
more similar than they are different.**
------
* Well, there hasn't been much direct carry over.
** I wrote the original SunOS4.0 audit code.
The two schemes are not that different.