From: "Sergio Ligregni"
Organization: FreeBSD
To: soc-status@freebsd.org
Date: Wed, 30 Jun 2010 10:41:01 -0500
Subject: Distributed Audit Weekly Report
List-Id: Summer of Code Status Reports and Discussion

My mistake, I have sent the reports to soc-students (really sorry about that), but here they are:

#1

This is my report

Distributed Audit

Here are the details of what I've done:

a daemon, shipd, that will deliver the trails to the master system. This daemon already has these logic features:

- three options of tuning (I named it the panic_level)
  1: just send the trail when audit closes it
  2: search the last correct trail (that is, the trail that is on both systems) and sync from it to the "present" (for this I perform a quicksort by name, which is also chronological because of the naming of the trails; this may not be so efficient in CPU resources but surely it is efficient in NETWORK resources).
  3: search for all the trails located in the slave system in the master system and send those that are not there.
- debug option (to not daemonize; it will send messages to stderr, otherwise the messages are sent to syslog)

the TO_DO list (for this week):

- to perform the network communication; there is a function that receives the path of the trail to send, it's just the sending part that is missing
- please check the is_audit_trail(char *) function if you have some ideas to improve it
- do a daemon to receive the trails in the master system; the important thing is that the daemon will also be tunable

files:
http://p4db.freebsd.org/depotTreeBrowser.cgi?FSPC=//depot/projects/soc2010/disaudit&HIDEDEL=NO
shipd.c
shipd.h
ideas.txt

Sergio Ligregni

#2

This is my report

Distributed Audit

Based on the TO_DO list sent last week:

- to perform the network communication; there is a function that receives the path of the trail to send, it's just the sending part that is missing
- do a daemon to receive the trails in the master system; the important thing is that the daemon will also be tunable

I can say both issues are done: the network communication is already working and there's a master daemon that receives the requests. But in the "lab" I got a problem (solvable these days), that is, i.e.: we can check at the master's whether there are three files and, since we find that 2 of them are missing, send them:

connect
check for file #1
close connection
connect
check for file #2
close connection
...
connect
send file #1
close connection
...

this is not a network-efficient solution, so the logic must be adapted:

connect
check for file #1
check for file #2
check for file #3
close connection
connect
send file #1
...

and so on, much more efficient.

I got help from Garret Cooper telling me where to find the rules about writing a correct Makefile; I will take care of that later, for now it's just to simplify the development.

a remaining TO_DO could be:

- once the process is tested and working, integrate with the current audit tools (I think maybe this will be a good idea to do after the project gets approved at Mid-term evaluation; it's just a matter of reading from the audit_control file and using audit_warn...)
- the SSL API integration, planned since the beginning to be done in the second half of the project.

files:
http://p4db.freebsd.org/depotTreeBrowser.cgi?FSPC=//depot/projects/soc2010/disaudit&HIDEDEL=NO

Sergio Ligregni
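
The panic_level 2 selection described in report #1, sketched as an added example; it is not part of the original message and is not the project's shipd.c. All function names are hypothetical. It assumes the usual FreeBSD trail naming (`<start>.<end>`, each a 14-digit timestamp) and that the trail already present on both systems is not sent again.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Closed trails are named <start>.<end>, each YYYYMMDDhhmmss (29 chars).
 * Open trails (<start>.not_terminated) are rejected: still being written. */
static int is_closed_trail(const char *name)
{
    if (strlen(name) != 29 || name[14] != '.')
        return 0;
    for (int i = 0; i < 29; i++)
        if (i != 14 && !isdigit((unsigned char)name[i]))
            return 0;
    return 1;
}

static int cmp_name(const void *a, const void *b)
{
    return strcmp(*(const char *const *)a, *(const char *const *)b);
}

/* master[] must be sorted by name so bsearch can be used. */
static int on_master(const char *name, const char **master, size_t nm)
{
    return bsearch(&name, master, nm, sizeof(*master), cmp_name) != NULL;
}

/* panic_level 2: drop entries that are not closed trails, sort by name
 * (name order is chronological order), find the newest trail present on
 * both systems, and return how many newer trails must be sent. Those
 * trails are moved to the front of local[]. Both arrays are reordered. */
size_t trails_to_send(const char **local, size_t nl,
                      const char **master, size_t nm)
{
    size_t n = 0, start = 0;
    for (size_t i = 0; i < nl; i++)
        if (is_closed_trail(local[i]))
            local[n++] = local[i];
    qsort(local, n, sizeof(*local), cmp_name);
    qsort(master, nm, sizeof(*master), cmp_name);
    for (size_t i = n; i > 0; i--)      /* scan from newest to oldest */
        if (on_master(local[i - 1], master, nm)) {
            start = i;                  /* everything after it is missing */
            break;
        }
    memmove(local, local + start, (n - start) * sizeof(*local));
    return n - start;
}
```

Because the result is a contiguous, ordered list, the slave can check and send it over one connection, which is the batching that report #2 asks for.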