svn commit: r244398 - in stable/9: etc/defaults etc/mtree etc/rc.d share/man/man4 usr.sbin usr.sbin/auditdistd
Robert Watson
rwatson at FreeBSD.org
Tue Dec 18 14:32:55 UTC 2012
Author: rwatson
Date: Tue Dec 18 14:32:53 2012
New Revision: 244398
URL: http://svnweb.freebsd.org/changeset/base/244398
Log:
Merge r244181 from head to stable/9:
Fix the location of auditdistd configuration file.
Reported by: Johan Hendriks <joh.hendriks at gmail.com>
Merge remaining unmerged portions of r243752 from head to stable/9; parts
adding the new 'auditdistd' user were previously merged in r243947:
Merge a number of changes required to hook up OpenBSM 1.2-alpha2's
auditdistd (distributed audit daemon) to the build:
- Manual cross references
- Makefile for auditdistd
- rc.d script, rc.conf entrie
- New group and user for auditdistd; associated aliases, etc.
The audit trail distribution daemon provides reliable,
cryptographically protected (and sandboxed) delivery of audit tails
from live clients to audit server hosts in order to both allow
centralised analysis, and improve resilience in the event of client
compromises: clients are not permitted to change trail contents
after submission.
Submitted by: pjd
Sponsored by: The FreeBSD Foundation (auditdistd)
Obtained from: TrustedBSD Project
Added:
stable/9/etc/rc.d/auditdistd
- copied, changed from r243752, head/etc/rc.d/auditdistd
stable/9/usr.sbin/auditdistd/
- copied from r243752, head/usr.sbin/auditdistd/
Modified:
stable/9/etc/defaults/rc.conf
stable/9/etc/mtree/BSD.var.dist
stable/9/etc/rc.d/Makefile
stable/9/share/man/man4/audit.4
stable/9/usr.sbin/Makefile
Directory Properties:
stable/9/etc/ (props changed)
stable/9/share/man/man4/ (props changed)
stable/9/usr.sbin/ (props changed)
Modified: stable/9/etc/defaults/rc.conf
==============================================================================
--- stable/9/etc/defaults/rc.conf Tue Dec 18 14:31:55 2012 (r244397)
+++ stable/9/etc/defaults/rc.conf Tue Dec 18 14:32:53 2012 (r244398)
@@ -587,6 +587,9 @@ sendmail_rebuild_aliases="NO" # Run newa
auditd_enable="NO" # Run the audit daemon.
auditd_program="/usr/sbin/auditd" # Path to the audit daemon.
auditd_flags="" # Which options to pass to the audit daemon.
+auditdistd_enable="NO" # Run the audit daemon.
+auditdistd_program="/usr/sbin/auditdistd" # Path to the auditdistd daemon.
+auditdistd_flags="" # Which options to pass to the auditdistd daemon.
cron_enable="YES" # Run the periodic job daemon.
cron_program="/usr/sbin/cron" # Which cron executable to run (if enabled).
cron_dst="YES" # Handle DST transitions intelligently (YES/NO)
Modified: stable/9/etc/mtree/BSD.var.dist
==============================================================================
--- stable/9/etc/mtree/BSD.var.dist Tue Dec 18 14:31:55 2012 (r244397)
+++ stable/9/etc/mtree/BSD.var.dist Tue Dec 18 14:32:53 2012 (r244398)
@@ -19,6 +19,10 @@
/set gname=audit
audit
..
+ dist uname=auditdistd gname=audit mode=0770
+ ..
+ remote uname=auditdistd gname=wheel mode=0700
+ ..
/set gname=wheel
backups
..
Modified: stable/9/etc/rc.d/Makefile
==============================================================================
--- stable/9/etc/rc.d/Makefile Tue Dec 18 14:31:55 2012 (r244397)
+++ stable/9/etc/rc.d/Makefile Tue Dec 18 14:32:53 2012 (r244398)
@@ -4,7 +4,7 @@
FILES= DAEMON FILESYSTEMS LOGIN NETWORKING SERVERS \
abi accounting addswap adjkerntz amd \
- apm apmd archdep atm1 atm2 atm3 auditd \
+ apm apmd archdep atm1 atm2 atm3 auditd auditdistd \
bgfsck bluetooth bootparams bridge bsnmpd bthidd \
ccd cleanvar cleartmp cron \
ddb defaultroute devd devfs dhclient \
Copied and modified: stable/9/etc/rc.d/auditdistd (from r243752, head/etc/rc.d/auditdistd)
==============================================================================
--- head/etc/rc.d/auditdistd Sat Dec 1 15:11:46 2012 (r243752, copy source)
+++ stable/9/etc/rc.d/auditdistd Tue Dec 18 14:32:53 2012 (r244398)
@@ -14,7 +14,7 @@ name="auditdistd"
rcvar="${name}_enable"
pidfile="/var/run/${name}.pid"
command="/usr/sbin/${name}"
-required_files="/etc/${name}.conf"
+required_files="/etc/security/${name}.conf"
extra_commands="reload"
load_rc_config $name
Modified: stable/9/share/man/man4/audit.4
==============================================================================
--- stable/9/share/man/man4/audit.4 Tue Dec 18 14:31:55 2012 (r244397)
+++ stable/9/share/man/man4/audit.4 Tue Dec 18 14:32:53 2012 (r244398)
@@ -96,7 +96,8 @@ to track users and events in a fine-grai
.Xr audit_warn 5 ,
.Xr rc.conf 5 ,
.Xr audit 8 ,
-.Xr auditd 8
+.Xr auditd 8 ,
+.Xr auditdistd 8
.Sh HISTORY
The
.Tn OpenBSM
Modified: stable/9/usr.sbin/Makefile
==============================================================================
--- stable/9/usr.sbin/Makefile Tue Dec 18 14:31:55 2012 (r244397)
+++ stable/9/usr.sbin/Makefile Tue Dec 18 14:32:53 2012 (r244398)
@@ -109,6 +109,9 @@ SUBDIR+= amd
.if ${MK_AUDIT} != "no"
SUBDIR+= audit
SUBDIR+= auditd
+.if ${MK_OPENSSL} != "no"
+SUBDIR+= auditdistd
+.endif
SUBDIR+= auditreduce
SUBDIR+= praudit
.endif
More information about the svn-src-stable
mailing list