From owner-freebsd-current@FreeBSD.ORG Sat Dec 1 21:06:37 2012
Message-ID: <50BA7158.1040302@fgznet.ch>
Date: Sat, 01 Dec 2012 22:06:32 +0100
From: Andreas Tobler
To: Robert Watson
Cc: current@freebsd.org, security@freebsd.org
Subject: Re: Distributed audit daemon committed (was: svn commit: r243752 - in head: etc etc/defaults etc/mail etc/mtree etc/rc.d share/man/man4 usr.sbin usr.sbin/auditdistd (fwd))
List-Id: Discussions about the use of FreeBSD-current

On 01.12.12 16:15, Robert Watson wrote:
>
> Dear all:
>
> I've now committed the build glue required to install the recently merged
> Audit Distribution Daemon (auditdistd) contributed by Pawel Dawidek, and
> sponsored by the FreeBSD Foundation. This allows individual hosts generating
> audit trails to submit trails to a central audit server for review and safe
> keeping. Part of the goal is to ensure that a host submitting trail data
> can't later modify the trails. Pawel uses a variety of useful security- and
> resilience-related features such as TLS, Capsicum, etc, in auditdistd. As the
> recent security incident in the FreeBSD.org cluster illustrated, having
> reliable and detailed audit trails makes a big difference in forensic work,
> and hopefully this will allow the FreeBSD Project (and our users) to do that
> better in the future.

Aehm, hope it is ok to 'complain' here. Happens when installing world.

cd /export/devel/fbsd/head/src; /usr/obj/export/devel/fbsd/head/src/make.amd64/make -f Makefile.inc1 LOCAL_MTREE= hierarchy
cd /export/devel/fbsd/head/src/etc; /usr/obj/export/devel/fbsd/head/src/make.amd64/make distrib-dirs
mtree -eU -f /export/devel/fbsd/head/src/etc/mtree/BSD.root.dist -p /
mtree -eU -f /export/devel/fbsd/head/src/etc/mtree/BSD.var.dist -p /var
mtree: line 22: unknown user auditdistd
*** [distrib-dirs] Error code 1

Andreas