Date: Sun, 2 Dec 2012 14:46:41 +0000
From: "Robert N. M. Watson" <rwatson@FreeBSD.org>
To: Fbsd8 <fbsd8@a1poweruser.com>
Cc: current@FreeBSD.org, security@FreeBSD.org
Subject: Re: Distributed audit daemon committed (was: svn commit: r243752 - in head: etc etc/defaults etc/mail etc/mtree etc/rc.d share/man/man4 usr.sbin usr.sbin/auditdistd (fwd))
Message-ID: <EB73F5C9-32C1-40FD-9BA8-3E16F6718D0F@FreeBSD.org>
In-Reply-To: <50BB63DB.8000301@a1poweruser.com>
References: <alpine.BSF.2.00.1212011512410.34256@fledge.watson.org> <50BB63DB.8000301@a1poweruser.com>

On 2 Dec 2012, at 14:21, Fbsd8 wrote:

>> I've now committed the build glue required to install the recently merged Audit Distribution Daemon (auditdistd) contributed by Pawel Dawidek, and sponsored by the FreeBSD Foundation. This allows individual hosts generating audit trails to submit trails to a central audit server for review and safe keeping. Part of the goal is to ensure that a host submitting trail data can't later modify the trails. Pawel uses a variety of useful security- and resilience-related features such as TLS, Capsicum, etc, in auditdistd. As the recent security incident in the FreeBSD.org cluster illustrated, having reliable and detailed audit trails makes a big difference in forensic work, and hopefully this will allow the FreeBSD Project (and our users) to do that better in the future.
>
> Is auditdistd going to be included in the base system as of 10.0-RELEASE
> or be a port that runs on 10.0-RELEASE and newer?

The plan is that auditdistd will be included in the base operating system for FreeBSD 10.0, and it is now integrated into the development branch that will naturally lead to that outcome; I would like to get it merged to stable/9 for inclusion in a future 9.2 release as well, but that will require a bit more work. I'll plan to let it shake out in 10-CURRENT for at least a few weeks, and let more users report on their experiences, before looking at a merge to 9.x.

Robert