from jailed process. These might get implemented in jails in the
future, but for now they are not supported.
Discussed on: freebsd-security@
Reviewed by: brueffer@
MFC after: 2 weeks
auditdistd (distributed audit daemon) to the build:
- Manual cross references
- Makefile for auditdistd
- rc.d script, rc.conf entrie
- New group and user for auditdistd; associated aliases, etc.
The audit trail distribution daemon provides reliable,
cryptographically protected (and sandboxed) delivery of audit tails
from live clients to audit server hosts in order to both allow
centralised analysis, and improve resilience in the event of client
compromises: clients are not permitted to change trail contents
after submission.
Submitted by: pjd
Sponsored by: The FreeBSD Foundation (auditdistd)
Although groff_mdoc(7) gives another impression, this is the ordering
most widely used and also required by mdocml/mandoc.
Reviewed by: ru
Approved by: philip, ed (mentors)
While there remain some incomplete aspects of the implementation (such
as incomplete auditing of some system calls), the implementation has
been burned in for a few years, as well as in GENERIC for a few years.
Obtained from: TrustedBSD Project
to "tee" the BSM record stream for the purposes of live monitoring,
intrusion detection, etc. Support for audit pipes will be committed in
the near future.
Obtained from: TrustedBSD Project
kernel audit facility, warnings about the experimental nature of this
implementation, and pointers at a large number of other audit related
man pages.
Obtained from: TrustedBSD Project