svn commit: r243752 - in head: etc etc/defaults etc/mail etc/mtree etc/rc.d share/man/man4 usr.sbin usr.sbin/auditdistd
Robert Watson
rwatson at FreeBSD.org
Sat Dec 1 15:11:47 UTC 2012
Author: rwatson
Date: Sat Dec 1 15:11:46 2012
New Revision: 243752
URL: http://svnweb.freebsd.org/changeset/base/243752
Log:
Merge a number of changes required to hook up OpenBSM 1.2-alpha2's
auditdistd (distributed audit daemon) to the build:
- Manual cross references
- Makefile for auditdistd
- rc.d script, rc.conf entrie
- New group and user for auditdistd; associated aliases, etc.
The audit trail distribution daemon provides reliable,
cryptographically protected (and sandboxed) delivery of audit tails
from live clients to audit server hosts in order to both allow
centralised analysis, and improve resilience in the event of client
compromises: clients are not permitted to change trail contents
after submission.
Submitted by: pjd
Sponsored by: The FreeBSD Foundation (auditdistd)
Added:
head/etc/rc.d/auditdistd (contents, props changed)
head/usr.sbin/auditdistd/
head/usr.sbin/auditdistd/Makefile (contents, props changed)
Modified:
head/etc/defaults/rc.conf
head/etc/ftpusers
head/etc/mail/aliases
head/etc/master.passwd
head/etc/mtree/BSD.var.dist
head/etc/rc.d/Makefile
head/share/man/man4/audit.4
head/usr.sbin/Makefile
Modified: head/etc/defaults/rc.conf
==============================================================================
--- head/etc/defaults/rc.conf Sat Dec 1 13:46:37 2012 (r243751)
+++ head/etc/defaults/rc.conf Sat Dec 1 15:11:46 2012 (r243752)
@@ -590,6 +590,9 @@ sendmail_rebuild_aliases="NO" # Run newa
auditd_enable="NO" # Run the audit daemon.
auditd_program="/usr/sbin/auditd" # Path to the audit daemon.
auditd_flags="" # Which options to pass to the audit daemon.
+auditdistd_enable="NO" # Run the audit daemon.
+auditdistd_program="/usr/sbin/auditdistd" # Path to the auditdistd daemon.
+auditdistd_flags="" # Which options to pass to the auditdistd daemon.
cron_enable="YES" # Run the periodic job daemon.
cron_program="/usr/sbin/cron" # Which cron executable to run (if enabled).
cron_dst="YES" # Handle DST transitions intelligently (YES/NO)
Modified: head/etc/ftpusers
==============================================================================
--- head/etc/ftpusers Sat Dec 1 13:46:37 2012 (r243751)
+++ head/etc/ftpusers Sat Dec 1 15:11:46 2012 (r243752)
@@ -19,6 +19,7 @@ _pflogd
_dhcp
uucp
pop
+auditdistd
www
hast
nobody
Modified: head/etc/mail/aliases
==============================================================================
--- head/etc/mail/aliases Sat Dec 1 13:46:37 2012 (r243751)
+++ head/etc/mail/aliases Sat Dec 1 15:11:46 2012 (r243752)
@@ -26,6 +26,7 @@ postmaster: root
# General redirections for pseudo accounts
_dhcp: root
_pflogd: root
+auditdistd: root
bin: root
bind: root
daemon: root
Modified: head/etc/master.passwd
==============================================================================
--- head/etc/master.passwd Sat Dec 1 13:46:37 2012 (r243751)
+++ head/etc/master.passwd Sat Dec 1 15:11:46 2012 (r243752)
@@ -20,6 +20,7 @@ _pflogd:*:64:64::0:0:pflogd privsep user
_dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
+auditdistd:*:78:77::0:0:Auditdistd unprivileged user:/var/empty:/usr/sbin/nologin
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
hast:*:845:845::0:0:HAST unprivileged user:/var/empty:/usr/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
Modified: head/etc/mtree/BSD.var.dist
==============================================================================
--- head/etc/mtree/BSD.var.dist Sat Dec 1 13:46:37 2012 (r243751)
+++ head/etc/mtree/BSD.var.dist Sat Dec 1 15:11:46 2012 (r243752)
@@ -19,6 +19,10 @@
/set gname=audit
audit
..
+ dist uname=auditdistd gname=audit mode=0770
+ ..
+ remote uname=auditdistd gname=wheel mode=0700
+ ..
/set gname=wheel
backups
..
Modified: head/etc/rc.d/Makefile
==============================================================================
--- head/etc/rc.d/Makefile Sat Dec 1 13:46:37 2012 (r243751)
+++ head/etc/rc.d/Makefile Sat Dec 1 15:11:46 2012 (r243752)
@@ -19,6 +19,7 @@ FILES= DAEMON \
atm2 \
atm3 \
auditd \
+ auditdistd \
bgfsck \
bluetooth \
bootparams \
Added: head/etc/rc.d/auditdistd
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/etc/rc.d/auditdistd Sat Dec 1 15:11:46 2012 (r243752)
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: auditdistd
+# REQUIRE: auditd
+# BEFORE: DAEMON
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="auditdistd"
+rcvar="${name}_enable"
+pidfile="/var/run/${name}.pid"
+command="/usr/sbin/${name}"
+required_files="/etc/${name}.conf"
+extra_commands="reload"
+
+load_rc_config $name
+run_rc_command "$1"
Modified: head/share/man/man4/audit.4
==============================================================================
--- head/share/man/man4/audit.4 Sat Dec 1 13:46:37 2012 (r243751)
+++ head/share/man/man4/audit.4 Sat Dec 1 15:11:46 2012 (r243752)
@@ -96,7 +96,8 @@ to track users and events in a fine-grai
.Xr audit_warn 5 ,
.Xr rc.conf 5 ,
.Xr audit 8 ,
-.Xr auditd 8
+.Xr auditd 8 ,
+.Xr auditdistd 8
.Sh HISTORY
The
.Tn OpenBSM
Modified: head/usr.sbin/Makefile
==============================================================================
--- head/usr.sbin/Makefile Sat Dec 1 13:46:37 2012 (r243751)
+++ head/usr.sbin/Makefile Sat Dec 1 15:11:46 2012 (r243752)
@@ -110,6 +110,9 @@ SUBDIR+= amd
.if ${MK_AUDIT} != "no"
SUBDIR+= audit
SUBDIR+= auditd
+.if ${MK_OPENSSL} != "no"
+SUBDIR+= auditdistd
+.endif
SUBDIR+= auditreduce
SUBDIR+= praudit
.endif
Added: head/usr.sbin/auditdistd/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/usr.sbin/auditdistd/Makefile Sat Dec 1 15:11:46 2012 (r243752)
@@ -0,0 +1,32 @@
+#
+# $FreeBSD$
+#
+
+OPENBSMDIR=${.CURDIR}/../../contrib/openbsm
+.PATH: ${OPENBSMDIR}/bin/auditdistd
+
+# Addition of auditdistd because otherwise generated parse.c can't find
+# auditdistd.h. This seems like a makefile non-feature.
+CFLAGS+=-I${OPENBSMDIR} -I${OPENBSMDIR}/bin/auditdistd
+
+NO_WFORMAT=
+
+PROG= auditdistd
+SRCS= auditdistd.c
+SRCS+= parse.y pjdlog.c
+SRCS+= proto.c proto_common.c proto_socketpair.c proto_tcp.c proto_tls.c
+SRCS+= receiver.c
+SRCS+= sandbox.c sender.c subr.c
+SRCS+= token.l trail.c
+MAN= auditdistd.8 auditdistd.conf.5
+
+DPADD= ${LIBL} ${LIBPTHREAD} ${LIBUTIL}
+LDADD= -ll -lpthread -lutil
+DPADD+= ${LIBCRYPTO} ${LIBSSL}
+LDADD+= -lcrypto -lssl
+
+YFLAGS+=-v
+
+CLEANFILES=parse.c parse.h parse.output
+
+.include <bsd.prog.mk>
More information about the svn-src-all
mailing list