From owner-freebsd-current@FreeBSD.ORG Sat Dec 1 21:53:29 2012 Return-Path: Delivered-To: current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 4877AADE; Sat, 1 Dec 2012 21:53:29 +0000 (UTC) (envelope-from utisoft@gmail.com) Received: from mail-bk0-f54.google.com (mail-bk0-f54.google.com [209.85.214.54]) by mx1.freebsd.org (Postfix) with ESMTP id 672C08FC08; Sat, 1 Dec 2012 21:53:27 +0000 (UTC) Received: by mail-bk0-f54.google.com with SMTP id je9so717670bkc.13 for ; Sat, 01 Dec 2012 13:53:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=rTgbHlRXY7BL/aN4ZWhLNrMAPdi4MDwekr1ZnfRMGFE=; b=iIa82FzoqmAkZqfjzI3qVtJ3ptyFewEf2R3/55XOvlZGc8e5VTLdi72ga5xRjve8Dr 5Qak1ZjLZJY9D04v4rO9srjU1lMNlADCT6q3cxiQsW2YnuBBcfoH0xMXHsrlSEbNMA9a ACejHc2Tn+hCZ5KBYA/cmVf99s3q4ah2fzaJoNfAz7+19szCcnb99eOO6vxLUXrqKQXF K3F8IdExNC6bKBz46ondlya+dN90bCLyXeBRfpMPAstSLkawIKywYRGsgKxPHiqIA32L Q41ggX6tP287X0o2QogdoIdcZTa/ANRUMAKXXLFSpkz0/rhNqzr/H6b65xI4S+7QmrXO rUGA== MIME-Version: 1.0 Received: by 10.204.4.131 with SMTP id 3mr1567514bkr.25.1354398806976; Sat, 01 Dec 2012 13:53:26 -0800 (PST) Received: by 10.204.167.71 with HTTP; Sat, 1 Dec 2012 13:53:26 -0800 (PST) Received: by 10.204.167.71 with HTTP; Sat, 1 Dec 2012 13:53:26 -0800 (PST) In-Reply-To: <50BA7158.1040302@fgznet.ch> References: <50BA7158.1040302@fgznet.ch> Date: Sat, 1 Dec 2012 21:53:26 +0000 Message-ID: Subject: Re: Distributed audit daemon committed (was: svn commit: r243752 - in head: etc etc/defaults etc/mail etc/mtree etc/rc.d share/man/man4 usr.sbin usr.sbin/auditdistd (fwd)) From: Chris Rees To: Andreas Tobler Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: Robert Watson , current@freebsd.org, security@freebsd.org X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 Dec 2012 21:53:29 -0000 On 1 Dec 2012 21:51, "Andreas Tobler" wrote: > > On 01.12.12 16:15, Robert Watson wrote: > > > > Dear all: > > > > I've now committed the build glue required to install the recently merged > > Audit Distribution Daemon (auditdistd) contributed by the Pawel Dawidek, and > > sponsored by the FreeBSD Foundation. This allows individual hosts generating > > audit trails to submit trails to a central audit server for review and safe > > keeping. Part of the goal is to ensure that a host submitting trail data > > can't later modify the trails. Pawel uses a variety of useful security- and > > resilience-related features such as TLS, Capsicum, etc, in auditdistd. As the > > recent security incident in the FreeBSD.org cluster illustrated, having > > reliable and detailed audit trails makes a big difference in forensic work, > > and hopefully this will allow the FreeBSD Project (and our users) to do that > > better in the future. > > Aehm, hope it is ok to 'complain' here. > > Happens when installing world. > > cd /export/devel/fbsd/head/src; > /usr/obj/export/devel/fbsd/head/src/make.amd64/make -f Makefile.inc1 > LOCAL_MTREE= hierarchy > cd /export/devel/fbsd/head/src/etc; > /usr/obj/export/devel/fbsd/head/src/make.amd64/make distrib-dirs > mtree -eU -f /export/devel/fbsd/head/src/etc/mtree/BSD.root.dist -p / > mtree -eU -f /export/devel/fbsd/head/src/etc/mtree/BSD.var.dist -p /var > mtree: line 22: unknown user auditdistd > *** [distrib-dirs] Error code 1 Does mergemaster -p help? Chris