Freebsd auditing in 7.0?
Jonathan Bond-Caron
jbondc at openmv.com
Thu May 8 13:08:09 UTC 2008
Thanks for the information, I'd definitely be testing audit on 7.0.
And great paper! I really enjoyed the read.
-----Original Message-----
From: Robert Watson [mailto:rwatson at FreeBSD.org]
Sent: May 7, 2008 7:24 PM
To: Jonathan Bond-Caron
Cc: freebsd-current at freebsd.org
Subject: Re: Freebsd auditing in 7.0?
On Wed, 7 May 2008, Jonathan Bond-Caron wrote:
> I recently read this paper:
> http://www.trustedbsd.org/20060303-ukuug2006lisa-audit.pdf
>
> I'm wondering if there are any new features in 7.0 for auditing freebsd and
> if audit is included in the base?
Changes between audit as shipped in 6.2 and 7.0 are largely incremental --
support for printing audit records as XML, better support for emulation
environments such as 32-bit binaries on 64-bit systems, Linux-emulated
binaries, improved IPv6 support, etc.
> I've been using syslog-ng on 6.2 for some time but audit looks more rigorous
> to track system events & changes. Are there auditing options in 7.0 that
> allow sending logs to a central server over SSL? Or any recommendations
> other than syslog-ng?
>
> The goal is to track more system events & centralize the log files at a
> central server.
Last year we had a GSoC project looking at distributed auditing, but I'm not
sure there was a usable end result (perhaps someone else can point us at it if
so). I'm aware of one on-going project looking at SSL-enabled distributed log
parts, but I'm not sure if the author is willing to turn himself in as-yet.
Perhaps soon :-). I would certainly anticipate that this is a feature we will
ship in the future, but any dates would be hand-waving at this point,
unfortunately.
Robert N M Watson
Computer Laboratory
University of Cambridge