Distributed Audit MidTerm report
Sergio Ligregni
ligregni at unixmexico.org
Mon Jul 12 03:45:02 UTC 2010
Hi all, this is the report prior to the MidTerm evaluation.
I can say the project is pretty much on schedule, and that 90% of the
functionality is working.
The shipd daemon is working and has been tested in a small network. This
daemon:
- performs sync based on any of the three "panic levels"
- when the panic level is 2, the daemon only synchronizes the latest trails
- when the panic level is 3, the daemon checks all trails
- connects to the damasterd daemon, asks whether a trail is present in the master's
store, and sends those that are missing
The damasterd daemon is working and has been tested in a small network.
This daemon:
- checks whether the trails are in the master's store
- according to the parameters, it either searches for/creates trails under the
slave's root directory or creates a directory per host
- if the MD5 checksum for a trail isn't equal, the daemon assumes there
is no such trail and the shipd daemon will then send it again
- the naming convention of the trails, in an example:
  20100712024237.20100712024244.ligPhenom.20100712025309
  trail_init    .trail_end     .host     .date/time received
TO_DO:
- integrate with current audit (using audit_warn or modifying auditd)
- implement SSL in network communication
- define the location of the parameters (maybe audit_control or maybe
another config file) and arrange the naming and comments
- the doc (the file ideas.txt already has a lot of doc about the
parameters)
The perforce depot:
http://p4db.freebsd.org/depotTreeBrowser.cgi?FSPC=//depot/projects/soc2010/disaudit&HIDEDEL=NO
The Wiki:
http://wiki.freebsd.org/SOC2010SergioLigregni
Please provide some feedback if you have improvement ideas.
Sergio Ligregni
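The shipd/damasterd exchange described in the report, modelled as an added example (my code, not the disaudit project's). It assumes that slave-side trails are named trail_init.trail_end (the FreeBSD audit convention), that the master renames a received trail to trail_init.trail_end.host.received as in the report's example, that the master keeps an in-memory index in place of a directory tree, and that panic level 1, which the report does not describe, is simply rejected. The trail contents and hostname are constructed sample data.

```python
"""Toy model of shipd/damasterd trail reconciliation (added example, not project code).

Assumptions, all labelled as such:
  - slave-side trail files are named <trail_init>.<trail_end> (FreeBSD audit convention)
  - the master stores them as <trail_init>.<trail_end>.<host>.<received>
  - panic level 2 ships only the newest trail, level 3 checks every trail;
    level 1 is not described in the report, so it is rejected here
  - the master's "directory" is an in-memory index, with the per-host option kept
"""
import hashlib
from datetime import datetime


def md5_hex(data: bytes) -> str:
    """Checksum the master compares to decide whether it already holds an identical trail."""
    return hashlib.md5(data).hexdigest()


def parse_master_name(name: str) -> dict:
    """Split a master-side trail name into its four dotted fields and validate the timestamps."""
    parts = name.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected init.end.host.received, got {name!r}")
    init, end, host, received = parts
    for stamp in (init, end, received):
        # every timestamp field is YYYYMMDDhhmmss; strptime raises on anything else
        datetime.strptime(stamp, "%Y%m%d%H%M%S")
    return {"trail_init": init, "trail_end": end, "host": host, "received": received}


def select_trails(slave_trails: dict, panic_level: int) -> list:
    """Pick which local trails shipd asks the master about for a given panic level."""
    names = sorted(slave_trails)  # timestamp prefix makes lexical order chronological
    if panic_level == 2:
        return names[-1:]          # latest trail only
    if panic_level == 3:
        return names               # every trail
    raise ValueError(f"panic level {panic_level} is not described in the report")


class Master:
    """Minimal stand-in for damasterd: per-host index of slave name -> (md5, stored path)."""

    def __init__(self, per_host_dir: bool = True):
        self.per_host_dir = per_host_dir
        self.index = {}

    def has_trail(self, host: str, slave_name: str, checksum: str) -> bool:
        # a trail whose MD5 differs counts as missing, so shipd will resend it
        entry = self.index.get(host, {}).get(slave_name)
        return entry is not None and entry[0] == checksum

    def store(self, host: str, slave_name: str, data: bytes, received: str) -> str:
        stored = f"{slave_name}.{host}.{received}"
        path = f"{host}/{stored}" if self.per_host_dir else stored
        self.index.setdefault(host, {})[slave_name] = (md5_hex(data), path)
        return path


def ship(master: Master, host: str, slave_trails: dict, panic_level: int, now: str) -> list:
    """One shipd run: query the master for each selected trail and send what is missing."""
    sent = []
    for name in select_trails(slave_trails, panic_level):
        data = slave_trails[name]
        if not master.has_trail(host, name, md5_hex(data)):
            sent.append(master.store(host, name, data, now))
    return sent


# constructed sample data: two closed trails on the slave, fake contents
SAMPLE_TRAILS = {
    "20100712024237.20100712024244": b"header,record A",
    "20100712024245.20100712025300": b"header,record B",
}


def demo():
    master = Master()
    # level 3: both trails are missing on the master, both are sent
    first = ship(master, "ligPhenom", SAMPLE_TRAILS, 3, "20100712025309")
    # level 2: only the newest trail is checked, checksum matches, nothing sent
    second = ship(master, "ligPhenom", SAMPLE_TRAILS, 2, "20100712025400")
    # simulate a corrupted copy on the master: checksum mismatch forces a resend
    master.index["ligPhenom"]["20100712024245.20100712025300"] = ("deadbeef", "stale")
    third = ship(master, "ligPhenom", SAMPLE_TRAILS, 2, "20100712025500")
    return first, second, third


if __name__ == "__main__":
    for label, result in zip(("level 3", "level 2", "level 2 after mismatch"), demo()):
        print(label, result)
```

The `demo()` run shows the three cases the report distinguishes: a full level-3 sync, a level-2 sync that finds the latest trail already present, and a level-2 sync in which the master's checksum no longer matches, so the trail is treated as absent and shipped again.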