Date: Wed, 30 Jun 2010 10:41:01 -0500 From: "Sergio Ligregni" <ligregni@unixmexico.org> To: soc-status@freebsd.org Subject: Distributed Audit Weekly Report Message-ID: <op.ve4dumj7ubj46t@server>
next in thread | raw e-mail | index | archive | help
My mistake I have sent the reports to soc-students, (really sorry about that), but here they are: #1 This is my report Distributed Audit Here are the details of what I've done: a daemon shipd, it will deliver the trails to the master system, this daemon already has this logic features: - three options of tunning (I named it the panic_level) 1: just send the trail when audit closes it 2: search the last correct trail (this is, the trail that is on both systems) and sync from it to the "present" (for this I perform a quicksort by name (that is also a chronological because of the naming of the trails, this can maybe be not so efficient in CPU resources but surely it is efficient in NETWORK resources). 3: search for all the trails located in the slave system in the master system and send those what are not there. - debug option (to no daemonize, it will send messages to stderr, otherwise, the messages are sent to syslog) the TO_DO list (for this week): - to perform the network communication, there is a function that receives the path of the trail to send, it's just the sending part the one missing - please check the is_audit_trail(char *) function if you have some ideas to improve - do a daemon to receive the trails in the master system, the important thing is that the daemon will be also tunneable files: http://p4db.freebsd.org/depotTreeBrowser.cgi?FSPC=//depot/projects/soc2010/disaudit&HIDEDEL=NO shipd.c shipd.h ideas.txt Sergio Ligregni #2 This is my report Distributed Audit Based on the TO_DO list sent last week: - to perform the network communication, there is a function that receives the path of the trail to send, it's just the sending part the one missing - do a daemon to receive the trails in the master system, the important thing is that the daemon will be also tunneable I can say both issues are done, the network communication is already working and there's a master daemon that receives the requests, but in the "lab" I got a trouble (solvable these days), that is, i.e.: we can check at master's if there are three files and, since we got that 2 of them are missing, send them: connect check for file #1 close connection connect check for file #2 close connection ... connect send file #1 close connection... this is a not network efficient solution, so, the logic must be adapted: connect check for file #1 check for file #2 check for file #3 close connection connect send file #1 ... and so on, much more efficient. I got help from Garret Cooper telling me where to find the rules about writing a correct Makefile, I will be take care of that later, now it's just to simplify the development. a remaining TO_DO could be: - once the process is tested and working, integrate to current audit tools (I think maybe this will be a good idea to do after the project got approved at Mid-term evaluation, it's just matter of reading from audit_control file and use audit_warn...) - the SSL API integration, planned since the beginning to be done at the second half of the project. files: http://p4db.freebsd.org/depotTreeBrowser.cgi?FSPC=//depot/projects/soc2010/disaudit&HIDEDEL=NO Sergio Ligregni -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?op.ve4dumj7ubj46t>