From: Deb Goodkin <deb@freebsdfoundation.org>
To: freebsd-announce@freebsd.org
Date: Thu, 12 Jan 2012 16:29:00 -0700
Subject: [FreeBSD-Announce] Foundation Funding auditdistd Project
Message-ID: <4F0F6CBC.7020807@freebsdfoundation.org>

The FreeBSD Foundation is pleased to announce that Pawel Jakub Dawidek has been awarded a grant to implement the auditdistd daemon. The FreeBSD audit facility provides fine-grained, configurable logging of security-relevant events.
One of the key purposes of logging security events is postmortem analysis in case of system compromise. Currently the kernel can push audit records directly into a file or make them available through the /dev/auditpipe device. Because audit logs are stored locally by the kernel, an attacker gains access to them once the system is compromised, which lets them remove traces of their activity. The goal of the auditdistd project is to securely and reliably distribute audit records over a TCP/IP network from a local auditdistd daemon to a remote auditdistd daemon. In case of source system compromise, the attacker's activity can be analysed using the data collected by the remote system, since only the remote system's audit logs can be trusted at that point. The project will conclude in February 2012.
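The forwarding model described above, as an added example that is not part of the original announcement and not auditdistd's own code: a toy Python sender and receiver exchange length-prefixed audit records over TCP on 127.0.0.1, and the receiver acknowledges each record so the sender advances its cursor only for records the remote side has actually stored. The sample records, the loopback port selection and the acknowledgement scheme are assumptions made for illustration; the real auditdistd wire protocol is not described on this page, and a production forwarder would also need TLS and peer authentication, which this sketch omits.

```python
# Toy audit-record forwarder: a length-prefixed TCP stream with per-record
# acknowledgements. Illustrates the auditdistd idea; it is NOT auditdistd's
# protocol, which this page does not describe.
import socket
import struct
import threading

# Constructed sample records. A real sender would read BSM records from the
# audit trail file or /dev/auditpipe; these strings only stand in for them.
SAMPLE_RECORDS = [
    b"header,execve(2),uid=1001,path=/bin/sh",
    b"header,setuid(2),uid=1001->0",
    b"header,open(2),path=/etc/master.passwd,flags=O_RDWR",
    b"header,unlink(2),path=/var/audit/current",
]

HEADER = struct.Struct("!I")  # 4-byte big-endian length or record count


def frame(record: bytes) -> bytes:
    """Length-prefix one record so the receiver can re-split the TCP stream."""
    return HEADER.pack(len(record)) + record


def recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes, or raise if the peer closed the connection."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed")
        buf += chunk
    return buf


def read_record(sock: socket.socket) -> bytes:
    (length,) = HEADER.unpack(recv_exact(sock, HEADER.size))
    return recv_exact(sock, length)


class RemoteCollector(threading.Thread):
    """Receiving daemon: appends each record to its own store, then acks it
    with the number of records received on this connection."""

    def __init__(self) -> None:
        super().__init__(daemon=True)
        self.listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.listener.bind(("127.0.0.1", 0))  # assumption: any free loopback port
        self.listener.listen(1)
        self.port = self.listener.getsockname()[1]
        self.store: list[bytes] = []

    def run(self) -> None:
        conn, _ = self.listener.accept()
        received = 0
        with conn:
            while True:
                try:
                    record = read_record(conn)
                except ConnectionError:
                    break  # sender disconnected after its last full record
                self.store.append(record)
                received += 1
                conn.sendall(HEADER.pack(received))
        self.listener.close()


def forward(records, host: str, port: int, acked: int = 0) -> int:
    """Sending daemon: ship records[acked:] and move the cursor forward only
    after the remote side acknowledges each one. Returns the new cursor, so a
    caller can resume from it after a reconnect without losing or duplicating
    records."""
    start = acked
    with socket.create_connection((host, port)) as s:
        for i, record in enumerate(records[start:], 1):
            s.sendall(frame(record))
            (count,) = HEADER.unpack(recv_exact(s, HEADER.size))
            if count != i:
                raise RuntimeError(f"ack out of order: got {count}, expected {i}")
            acked = start + count
    return acked


def demo() -> tuple:
    """Forward the sample trail, then wipe the local copy as a root-level
    intruder would. Returns (local records left, remote records kept)."""
    collector = RemoteCollector()
    collector.start()
    local_trail = list(SAMPLE_RECORDS)
    forward(local_trail, "127.0.0.1", collector.port)
    collector.join(timeout=5)
    local_trail.clear()  # attacker removes the local trail after compromise
    return len(local_trail), len(collector.store)


if __name__ == "__main__":
    print(demo())  # (0, 4)
```

Running it prints (0, 4): the local trail is empty after the simulated wipe while the collector still holds all four records, which is exactly why only the remote copy can be trusted after a compromise. The cursor returned by forward() is what lets a sender reconnect and continue from the last acknowledged record; without an acknowledgement, records buffered in the kernel or in flight when the link drops would be silently lost.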