Over the last few months, Brian Salcedo has been working on rewriting our secadm tool from scratch. We're excited to announce the first beta release of secadm 0.3.0. User-facing changes in this release include:
- `secadm set` is now `secadm load` and requires a file path.
- `secadm list` is now `secadm show`.
  - You can now export the ruleset to different formats with the -f argument! For example, `secadm show -f json` exports the rules to JSON format.
- You can now add/remove rules one at a time with `secadm add` and `secadm del`.
- You can now enable/disable rules one at a time with `secadm enable` and `secadm disable`.
- UCL rule language is nearly the same.
Please give this release a try. You can download the tarball here and the GPG signature here. If you find any issues, please email Brian Salcedo (brian.salcedo {at} hardenedbsd.org) and CC Shawn Webb (shawn.webb {at} hardenedbsd.org).
Follow this example for the new UCL syntax:
```
secadm {
    pax = {
        path = "/usr/local/bin/testpie";
        aslr = false;
    }
}
```
Update 2015-11-22 21:58 EST: An issue was found with the PAGEEXEC and MPROTECT feature parsing. The version number has been bumped to 0.3.0-beta-02 and the links have been updated accordingly.