From: Fbsd8
Date: Sun, 02 Dec 2012 09:21:15 -0500
To: Robert Watson
Cc: current@FreeBSD.org, security@FreeBSD.org
Subject: Re: Distributed audit daemon committed (was: svn commit: r243752 - in head: etc etc/defaults etc/mail etc/mtree etc/rc.d share/man/man4 usr.sbin usr.sbin/auditdistd (fwd))
Message-ID: <50BB63DB.8000301@a1poweruser.com>
List-Id: Discussions about the use of FreeBSD-current

Robert Watson wrote:
>
> Dear all:
>
> I've now committed the build glue required to install the recently
> merged Audit Distribution Daemon (auditdistd) contributed by Pawel
> Dawidek, and sponsored by the FreeBSD Foundation.  This allows
> individual hosts generating audit trails to submit trails to a central
> audit server for review and safe keeping.  Part of the goal is to ensure
> that a host submitting trail data can't later modify the trails.  Pawel
> uses a variety of useful security- and resilience-related features such
> as TLS, Capsicum, etc, in auditdistd.  As the recent security incident
> in the FreeBSD.org cluster illustrated, having reliable and detailed
> audit trails makes a big difference in forensic work, and hopefully this
> will allow the FreeBSD Project (and our users) to do that better in the
> future.
>
> Robert N M Watson
> Computer Laboratory
> University of Cambridge
>

Is auditdistd going to be included in the base system as of 10.0-RELEASE
or be a port that runs on 10.0-RELEASE and newer?