Date:      Thu, 12 Jan 2012 16:29:00 -0700
From:      Deb Goodkin <deb@freebsdfoundation.org>
To:        freebsd-announce@freebsd.org
Subject:   [FreeBSD-Announce] Foundation Funding auditdistd Project
Message-ID:  <4F0F6CBC.7020807@freebsdfoundation.org>

The FreeBSD Foundation is pleased to announce that Pawel Jakub Dawidek has
been awarded a grant to implement the auditdistd daemon.

The FreeBSD audit facility provides fine-grained, configurable logging
of security-relevant events.  One of the key purposes of logging
security events is postmortem analysis in case of system compromise.
Currently the kernel can push audit records directly into a file or make
them available through the /dev/auditpipe device.  Because audit logs are
stored locally by the kernel, an attacker has access to them once the
system is compromised, which enables him to remove trails of his
activity.

The auditdistd project goal is to securely and reliably distribute
audit records over the TCP/IP network from a local auditdistd daemon to
a remote auditdistd daemon. In case of source system compromise, the
attacker's activity can be analysed using data collected by the remote
system, as only the remote system's audit logs can be trusted then.

The project will conclude in February 2012.



