From: "Sergio Ligregni"
Organization: FreeBSD
To: "soc-status@freebsd.org"
Cc: "sson@freebsd.org"
Date: Sun, 11 Jul 2010 22:44:44 -0500
Subject: Distributed Audit MidTerm report

Hi all, this is the report prior to the MidTerm evaluation.

I can say the project is pretty much on schedule, and that 90% of the functionality is working.

The shipd daemon is working and has been tested in a small network. This daemon:
- performs sync based on any of the three "panic levels"
- when panic level is 2, the daemon only synchronizes the latest trails
- when panic level is 3, the daemon checks for all trails
- connects with the damasterd daemon, asks if there is a trail in master's and sends those missing

The damasterd daemon is working and has been tested in a small network. This daemon:
- checks if the trails are in master's
- according to the parameters, it either searches for/creates trails under slave's root directory or creates a directory per each host
- if the MD5 checksum for a trail isn't equal, the daemon assumes there is no such trail and then the shipd daemon will send it again
- the naming convention of the trails, in an example:
    20100712024237.20100712024244.ligPhenom.20100712025309
    trail_init.trail_end.host.date/time received

TO_DO:
- integrate with current audit (using audit_warn or modifying auditd)
- implement SSL in network communication
- define the location of the parameters (maybe audit_control or maybe another config file) and arrange the naming and comments
- the doc (the file ideas.txt already has a lot of doc about the parameters)

The perforce depot: http://p4db.freebsd.org/depotTreeBrowser.cgi?FSPC=//depot/projects/soc2010/disaudit&HIDEDEL=NO
The Wiki: http://wiki.freebsd.org/SOC2010SergioLigregni

Please provide some feedback if you have improvement ideas.

Sergio Ligregni
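
The master-side lookup described in the report, as an added example that is not part of the original message or the project's code: it parses the stored trail name, validates the host field before using it in a path, and treats an MD5 mismatch as "trail missing". It is written in Python rather than the project's C; the function names, the per_host_dir flag, the 14-digit timestamp format and the host character set are assumptions.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Stored name layout from the report: trail_init.trail_end.host.received
# Assumption: each timestamp is 14 digits (YYYYMMDDhhmmss), as in the report's example.
STORED = re.compile(r"^(\d{14})\.(\d{14})\.(.+)\.(\d{14})$")
# Assumption: hosts are dot-separated DNS-style labels; this also rejects "/" and "..".
HOST = re.compile(r"^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*$")

def parse_stored_name(name):
    """Return (trail_init, trail_end, host, received), or None if malformed."""
    m = STORED.match(name)
    if not m or not HOST.match(m.group(3)) or m.group(1) > m.group(2):
        return None
    return m.groups()

def md5_of(path):
    # MD5 is the checksum the report names; the file is read in chunks.
    digest = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def master_has_trail(root, host, trail_init, trail_end, slave_md5, per_host_dir=True):
    """True only if a stored trail matches the name fields and the slave's MD5."""
    if not HOST.match(host):
        return False  # never build a path from an unvalidated host name
    directory = Path(root) / host if per_host_dir else Path(root)
    if not directory.is_dir():
        return False
    for entry in directory.iterdir():
        parsed = parse_stored_name(entry.name)
        if parsed and parsed[:3] == (trail_init, trail_end, host):
            if md5_of(entry) == slave_md5.lower():
                return True
    return False  # absent or checksum mismatch: the slave sends the trail again

def demo():
    """Constructed data: one stored trail, queried with a good and a bad checksum."""
    with tempfile.TemporaryDirectory() as root:
        host_dir = Path(root) / "ligPhenom"
        host_dir.mkdir()
        name = "20100712024237.20100712024244.ligPhenom.20100712025309"
        (host_dir / name).write_bytes(b"constructed trail bytes")
        good = hashlib.md5(b"constructed trail bytes").hexdigest()
        args = (root, "ligPhenom", "20100712024237", "20100712024244")
        return master_has_trail(*args, good), master_has_trail(*args, "0" * 32)
```

Because "." separates the fields and host names may contain dots, the parser anchors the two leading timestamps and the trailing one and takes whatever lies between them as the host.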