Re: Distributed audit daemon committed (was: svn commit: r243752 - in head: etc etc/defaults etc/mail etc/mtree etc/rc.d share/man/man4 usr.sbin usr.sbin/auditdistd (fwd))

From: Robert N. M. Watson <rwatson_at_FreeBSD.org>
Date: Sun, 2 Dec 2012 14:46:41 +0000

On 2 Dec 2012, at 14:21, Fbsd8 wrote:

>> I've now committed the build glue required to install the recently merged Audit Distribution Daemon (auditdistd) contributed by Pawel Dawidek, and sponsored by the FreeBSD Foundation.  This allows individual hosts generating audit trails to submit trails to a central audit server for review and safe keeping.  Part of the goal is to ensure that a host submitting trail data can't later modify the trails.  Pawel uses a variety of useful security- and resilience-related features such as TLS, Capsicum, etc., in auditdistd.  As the recent security incident in the FreeBSD.org cluster illustrated, having reliable and detailed audit trails makes a big difference in forensic work, and hopefully this will allow the FreeBSD Project (and our users) to do that better in the future.
> 
> Is auditdistd going to be included in the base system as of 10.0-RELEASE
> or be a port that runs on 10.0-RELEASE and newer?

The plan is that auditdistd will be included in the base operating system for FreeBSD 10.0, and it is now integrated into the development branch that will naturally lead to that outcome; I would like to get it merged to stable/9 for inclusion in a future 9.2 release as well, but that will require a bit more work. I'll plan to let it shake out in 10-CURRENT for at least a few weeks, and let more users report on their experiences, before looking at a merge to 9.x.

Robert
Received on Sun Dec 02 2012 - 13:46:44 UTC
