Date: Sun, 02 Dec 2012 09:21:15 -0500 From: Fbsd8 <fbsd8@a1poweruser.com> To: Robert Watson <rwatson@FreeBSD.org> Cc: current@FreeBSD.org, security@FreeBSD.org Subject: Re: Distributed audit daemon committed (was: svn commit: r243752 - in head: etc etc/defaults etc/mail etc/mtree etc/rc.d share/man/man4 usr.sbin usr.sbin/auditdistd (fwd)) Message-ID: <50BB63DB.8000301@a1poweruser.com> In-Reply-To: <alpine.BSF.2.00.1212011512410.34256@fledge.watson.org> References: <alpine.BSF.2.00.1212011512410.34256@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Robert Watson wrote: > > Dear all: > > I've now committed the build glue required to install the recently > merged Audit Distribution Daemon (auditdistd) contributed by the Pawel > Dawidek, and sponsored by the FreeBSD Foundation. This allows > individual hosts generating audit trails to submit trails to a central > audit server for review and safe keeping. Part of the goal is to ensure > that a host submitting trail data can't later modify the trails. Pawel > uses a variety of useful security- and resilience-related features such > as TLS, Capsicum, etc, in auditdistd. As the recent security incident > in the FreeBSD.org cluster illustrated, having reliable and detailed > audit trails makes a big difference in forensic work, and hopefully this > will allow the FreeBSD Project (and our users) to do that better in the > future. > > Robert N M Watson > Computer Laboratory > University of Cambridge > Is auditdistd going to be included in the base system as of 10.0-RELEASE or be a port that runs on 10.0-RELEASE and newer?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50BB63DB.8000301>