svn commit: r243752 - in head: etc etc/defaults etc/mail etc/mtree etc/rc.d share/man/man4 usr.sbin usr.sbin/auditdistd

Robert Watson rwatson at FreeBSD.org
Sat Dec 1 15:11:47 UTC 2012


Author: rwatson
Date: Sat Dec  1 15:11:46 2012
New Revision: 243752
URL: http://svnweb.freebsd.org/changeset/base/243752

Log:
  Merge a number of changes required to hook up OpenBSM 1.2-alpha2's
  auditdistd (distributed audit daemon) to the build:
  
  - Manual cross references
  - Makefile for auditdistd
  - rc.d script, rc.conf entries
  - New group and user for auditdistd; associated aliases, etc.
  
  The audit trail distribution daemon provides reliable,
  cryptographically protected (and sandboxed) delivery of audit trails
  from live clients to audit server hosts in order to both allow
  centralised analysis, and improve resilience in the event of client
  compromises: clients are not permitted to change trail contents
  after submission.
  
  Submitted by:	pjd
  Sponsored by:	The FreeBSD Foundation (auditdistd)

Added:
  head/etc/rc.d/auditdistd   (contents, props changed)
  head/usr.sbin/auditdistd/
  head/usr.sbin/auditdistd/Makefile   (contents, props changed)
Modified:
  head/etc/defaults/rc.conf
  head/etc/ftpusers
  head/etc/mail/aliases
  head/etc/master.passwd
  head/etc/mtree/BSD.var.dist
  head/etc/rc.d/Makefile
  head/share/man/man4/audit.4
  head/usr.sbin/Makefile

Modified: head/etc/defaults/rc.conf
==============================================================================
--- head/etc/defaults/rc.conf	Sat Dec  1 13:46:37 2012	(r243751)
+++ head/etc/defaults/rc.conf	Sat Dec  1 15:11:46 2012	(r243752)
@@ -590,6 +590,9 @@ sendmail_rebuild_aliases="NO"	# Run newa
 auditd_enable="NO"	# Run the audit daemon.
 auditd_program="/usr/sbin/auditd"	# Path to the audit daemon.
 auditd_flags=""		# Which options to pass to the audit daemon.
+auditdistd_enable="NO"	# Run the audit daemon.
+auditdistd_program="/usr/sbin/auditdistd"	# Path to the auditdistd daemon.
+auditdistd_flags=""	# Which options to pass to the auditdistd daemon.
 cron_enable="YES"	# Run the periodic job daemon.
 cron_program="/usr/sbin/cron"	# Which cron executable to run (if enabled).
 cron_dst="YES"		# Handle DST transitions intelligently (YES/NO)
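Review bot: The comment on the added `auditdistd_enable` line is copied from `auditd_enable` and still reads `# Run the audit daemon.`, so the two knobs look identical to anyone reading rc.conf. The other two added lines already name auditdistd in their comments. Suggest `auditdistd_enable="NO"	# Run the audit trail distribution daemon.`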

Modified: head/etc/ftpusers
==============================================================================
--- head/etc/ftpusers	Sat Dec  1 13:46:37 2012	(r243751)
+++ head/etc/ftpusers	Sat Dec  1 15:11:46 2012	(r243752)
@@ -19,6 +19,7 @@ _pflogd
 _dhcp
 uucp
 pop
+auditdistd
 www
 hast
 nobody

Modified: head/etc/mail/aliases
==============================================================================
--- head/etc/mail/aliases	Sat Dec  1 13:46:37 2012	(r243751)
+++ head/etc/mail/aliases	Sat Dec  1 15:11:46 2012	(r243752)
@@ -26,6 +26,7 @@ postmaster: root
 # General redirections for pseudo accounts
 _dhcp:	root
 _pflogd: root
+auditdistd:	root
 bin:	root
 bind:	root
 daemon:	root

Modified: head/etc/master.passwd
==============================================================================
--- head/etc/master.passwd	Sat Dec  1 13:46:37 2012	(r243751)
+++ head/etc/master.passwd	Sat Dec  1 15:11:46 2012	(r243752)
@@ -20,6 +20,7 @@ _pflogd:*:64:64::0:0:pflogd privsep user
 _dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin
 uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
 pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
+auditdistd:*:78:77::0:0:Auditdistd unprivileged user:/var/empty:/usr/sbin/nologin
 www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
 hast:*:845:845::0:0:HAST unprivileged user:/var/empty:/usr/sbin/nologin
 nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
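Review bot: The new `auditdistd` entry uses primary gid 77, but the commit's file list contains no etc/group change even though the log mentions a new group. Gid 77 therefore has to exist already; it is presumably the `audit` group that the BSD.var.dist hunk refers to by name, though that is not visible here. If so, the unprivileged daemon user gets that group's access to everything group-owned by `audit`. The log should say the account joins an existing group rather than that a group is added, so the privilege grant is visible to reviewers.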

Modified: head/etc/mtree/BSD.var.dist
==============================================================================
--- head/etc/mtree/BSD.var.dist	Sat Dec  1 13:46:37 2012	(r243751)
+++ head/etc/mtree/BSD.var.dist	Sat Dec  1 15:11:46 2012	(r243752)
@@ -19,6 +19,10 @@
 /set gname=audit
     audit
     ..
+        dist            uname=auditdistd gname=audit mode=0770
+        ..
+        remote          uname=auditdistd gname=wheel mode=0700
+        ..
 /set gname=wheel
     backups
     ..
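Review bot: The `dist` and `remote` entries are added after the `..` that closes `audit`, so mtree will create them next to `audit` rather than inside it. Indentation has no meaning in an mtree spec; only the `..` lines change directory level. The deeper indent and the `gname=audit` owner suggest they were meant to be subdirectories of `audit`. If so, the existing `    ..` after `audit` should move below the `..` that closes `remote`. As written, the 0770/0700 trail directories may not be where the daemon looks, which would leave the daemon either failing or writing trails somewhere with different ownership. The hunk starts at file line 19, so the directory enclosing `audit` is not visible here.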

Modified: head/etc/rc.d/Makefile
==============================================================================
--- head/etc/rc.d/Makefile	Sat Dec  1 13:46:37 2012	(r243751)
+++ head/etc/rc.d/Makefile	Sat Dec  1 15:11:46 2012	(r243752)
@@ -19,6 +19,7 @@ FILES=	DAEMON \
 	atm2 \
 	atm3 \
 	auditd \
+	auditdistd \
 	bgfsck \
 	bluetooth \
 	bootparams \

Added: head/etc/rc.d/auditdistd
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/etc/rc.d/auditdistd	Sat Dec  1 15:11:46 2012	(r243752)
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: auditdistd
+# REQUIRE: auditd
+# BEFORE:  DAEMON
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="auditdistd"
+rcvar="${name}_enable"
+pidfile="/var/run/${name}.pid"
+command="/usr/sbin/${name}"
+required_files="/etc/${name}.conf"
+extra_commands="reload"
+
+load_rc_config $name
+run_rc_command "$1"
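Review bot: `# REQUIRE: auditd` only orders startup; nothing in the script ties `auditdistd_enable` to `auditd_enable`, so the daemon can be enabled on a host where auditd is off. The script carries no comment saying whether that is intended. If it is (for instance on a host that only receives trails, which is an inference from the commit log), a line above the rcorder block would record it, e.g. `# Ordered after auditd when both run; auditdistd does not require auditd_enable.`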

Modified: head/share/man/man4/audit.4
==============================================================================
--- head/share/man/man4/audit.4	Sat Dec  1 13:46:37 2012	(r243751)
+++ head/share/man/man4/audit.4	Sat Dec  1 15:11:46 2012	(r243752)
@@ -96,7 +96,8 @@ to track users and events in a fine-grai
 .Xr audit_warn 5 ,
 .Xr rc.conf 5 ,
 .Xr audit 8 ,
-.Xr auditd 8
+.Xr auditd 8 ,
+.Xr auditdistd 8
 .Sh HISTORY
 The
 .Tn OpenBSM

Modified: head/usr.sbin/Makefile
==============================================================================
--- head/usr.sbin/Makefile	Sat Dec  1 13:46:37 2012	(r243751)
+++ head/usr.sbin/Makefile	Sat Dec  1 15:11:46 2012	(r243752)
@@ -110,6 +110,9 @@ SUBDIR+=	amd
 .if ${MK_AUDIT} != "no"
 SUBDIR+=	audit
 SUBDIR+=	auditd
+.if ${MK_OPENSSL} != "no"
+SUBDIR+=	auditdistd
+.endif
 SUBDIR+=	auditreduce
 SUBDIR+=	praudit
 .endif

Added: head/usr.sbin/auditdistd/Makefile
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/usr.sbin/auditdistd/Makefile	Sat Dec  1 15:11:46 2012	(r243752)
@@ -0,0 +1,32 @@
+#
+# $FreeBSD$
+#
+
+OPENBSMDIR=${.CURDIR}/../../contrib/openbsm
+.PATH: ${OPENBSMDIR}/bin/auditdistd
+
+# Addition of auditdistd because otherwise generated parse.c can't find
+# auditdistd.h.  This seems like a makefile non-feature.
+CFLAGS+=-I${OPENBSMDIR} -I${OPENBSMDIR}/bin/auditdistd
+
+NO_WFORMAT=
+
+PROG=	auditdistd
+SRCS=	auditdistd.c
+SRCS+=	parse.y pjdlog.c
+SRCS+=	proto.c proto_common.c proto_socketpair.c proto_tcp.c proto_tls.c
+SRCS+=	receiver.c
+SRCS+=	sandbox.c sender.c subr.c
+SRCS+=	token.l trail.c
+MAN=	auditdistd.8 auditdistd.conf.5
+
+DPADD=	${LIBL} ${LIBPTHREAD} ${LIBUTIL}
+LDADD=	-ll -lpthread -lutil
+DPADD+=	${LIBCRYPTO} ${LIBSSL}
+LDADD+=	-lcrypto -lssl
+
+YFLAGS+=-v
+
+CLEANFILES=parse.c parse.h parse.output
+
+.include <bsd.prog.mk>
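Review bot: `NO_WFORMAT=` is set for the whole program with no comment, unlike the `CFLAGS` line above it, which explains itself. It presumably suppresses format-string warnings for every file in `SRCS`, including the `proto_*.c` network code and `pjdlog.c`, where a mismatched format argument is most worth catching at build time. Please record which source actually needs it, e.g. `# XXX: <file that fails -Wformat> does not build cleanly with format warnings; drop once fixed in OpenBSM.` If only generated code (`parse.y`, `token.l`) is affected, limiting the suppression to those files would keep the check on the hand-written sources.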

