From: "Robert N. M. Watson"
To: Fbsd8
Cc: current@FreeBSD.org, security@FreeBSD.org
Subject: Re: Distributed audit daemon committed (was: svn commit: r243752 - in head: etc etc/defaults etc/mail etc/mtree etc/rc.d share/man/man4 usr.sbin usr.sbin/auditdistd (fwd))
Date: Sun, 2 Dec 2012 14:46:41 +0000
In-Reply-To: <50BB63DB.8000301@a1poweruser.com>
List-Id: Discussions about the use of FreeBSD-current

On 2 Dec 2012, at 14:21, Fbsd8 wrote:

>> I've now committed the build glue required to install the recently
>> merged Audit Distribution Daemon (auditdistd) contributed by Pawel
>> Dawidek, and sponsored by the FreeBSD Foundation. This allows
>> individual hosts generating audit trails to submit trails to a central
>> audit server for review and safe keeping. Part of the goal is to ensure
>> that a host submitting trail data can't later modify the trails.
>> Pawel uses a variety of useful security- and resilience-related
>> features such as TLS, Capsicum, etc, in auditdistd. As the recent
>> security incident in the FreeBSD.org cluster illustrated, having
>> reliable and detailed audit trails makes a big difference in forensic
>> work, and hopefully this will allow the FreeBSD Project (and our users)
>> to do that better in the future.
>
> Is auditdistd going to be included in the base system as of 10.0-RELEASE
> or be a port that runs on 10.0-RELEASE and newer?

The plan is that auditdistd will be included in the base operating
system for FreeBSD 10.0, and it is now integrated into the development
branch that will naturally lead to that outcome; I would like to get it
merged to stable/9 for inclusion in a future 9.2 release as well, but
that will require a bit more work. I'll plan to let it shake out in
10-CURRENT for at least a few weeks, and let more users report on their
experiences, before looking at a merge to 9.x.

Robert