Merge a number of changes required to hook up OpenBSM 1.2-alpha2's
auditdistd (distributed audit daemon) to the build: - Manual cross references - Makefile for auditdistd - rc.d script, rc.conf entries - New group and user for auditdistd; associated aliases, etc. The audit trail distribution daemon provides reliable, cryptographically protected (and sandboxed) delivery of audit trails from live clients to audit server hosts in order to both allow centralised analysis, and improve resilience in the event of client compromises: clients are not permitted to change trail contents after submission. Submitted by: pjd Sponsored by: The FreeBSD Foundation (auditdistd)
This commit is contained in:
parent
d0c2e5bd23
commit
16648b4fff
@ -590,6 +590,9 @@ sendmail_rebuild_aliases="NO" # Run newaliases if necessary (YES/NO).
|
||||
auditd_enable="NO" # Run the audit daemon.
|
||||
auditd_program="/usr/sbin/auditd" # Path to the audit daemon.
|
||||
auditd_flags="" # Which options to pass to the audit daemon.
|
||||
auditdistd_enable="NO" # Run the audit daemon.
|
||||
auditdistd_program="/usr/sbin/auditdistd" # Path to the auditdistd daemon.
|
||||
auditdistd_flags="" # Which options to pass to the auditdistd daemon.
|
||||
cron_enable="YES" # Run the periodic job daemon.
|
||||
cron_program="/usr/sbin/cron" # Which cron executable to run (if enabled).
|
||||
cron_dst="YES" # Handle DST transitions intelligently (YES/NO)
|
||||
|
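Review bot: The trailing comment on `auditdistd_enable="NO" # Run the audit daemon.` was carried over from the `auditd_enable` line above it and now describes the wrong daemon, while the two entries that follow it correctly say "auditdistd daemon". Change it to `auditdistd_enable="NO" # Run the audit distribution daemon.` so the defaults file stays self-describing. The enclosing defaults file is much longer than this hunk, so the other audit knobs are not visible here.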
@ -19,6 +19,7 @@ _pflogd
|
||||
_dhcp
|
||||
uucp
|
||||
pop
|
||||
auditdistd
|
||||
www
|
||||
hast
|
||||
nobody
|
||||
|
@ -26,6 +26,7 @@ postmaster: root
|
||||
# General redirections for pseudo accounts
|
||||
_dhcp: root
|
||||
_pflogd: root
|
||||
auditdistd: root
|
||||
bin: root
|
||||
bind: root
|
||||
daemon: root
|
||||
|
@ -20,6 +20,7 @@ _pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin
|
||||
_dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin
|
||||
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
|
||||
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
|
||||
auditdistd:*:78:77::0:0:Auditdistd unprivileged user:/var/empty:/usr/sbin/nologin
|
||||
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
|
||||
hast:*:845:845::0:0:HAST unprivileged user:/var/empty:/usr/sbin/nologin
|
||||
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
|
||||
|
@ -19,6 +19,10 @@
|
||||
/set gname=audit
|
||||
audit
|
||||
..
|
||||
dist uname=auditdistd gname=audit mode=0770
|
||||
..
|
||||
remote uname=auditdistd gname=wheel mode=0700
|
||||
..
|
||||
/set gname=wheel
|
||||
backups
|
||||
..
|
||||
|
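Review bot: The `dist uname=auditdistd gname=audit mode=0770` entry repeats `gname=audit` even though the `/set gname=audit` a few lines above is still in effect, whereas `remote uname=auditdistd gname=wheel mode=0700` genuinely overrides it; the asymmetry reads as accidental and makes it hard to see that only `remote` departs from the default. Either drop the redundant `gname=audit` on `dist` or keep both explicit, and add a short `#` comment above the pair stating which process writes each directory and why `dist` is group-writable by audit while `remote` is private to auditdistd — the purpose of the two directories is inferred from their names rather than shown by this hunk, so the comment should come from the author.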
@ -19,6 +19,7 @@ FILES= DAEMON \
|
||||
atm2 \
|
||||
atm3 \
|
||||
auditd \
|
||||
auditdistd \
|
||||
bgfsck \
|
||||
bluetooth \
|
||||
bootparams \
|
||||
|
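--- /dev/null
+++ b/etc/rc.d/auditdistd
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: auditdistd
+# REQUIRE: auditd
+# BEFORE: DAEMON
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="auditdistd"
+rcvar="${name}_enable"
+pidfile="/var/run/${name}.pid"
+command="/usr/sbin/${name}"
+required_files="/etc/${name}.conf"
+extra_commands="reload"
+
+load_rc_config $name
+run_rc_command "$1"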
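Review bot: `extra_commands="reload"` is declared without a matching `reload_cmd`, so a reload falls back to rc.subr's default behaviour — as far as I recall, signalling the process recorded in `$pidfile` with SIGHUP unless `sig_reload` overrides it — and therefore depends on the daemon re-reading `/etc/auditdistd.conf` on that signal, which nothing in the script records. A comment above that line such as `# reload: rc.subr's default sends SIGHUP to the pid in $pidfile; auditdistd re-reads its config on it` would make the contract explicit for the next person who touches either side. The `required_files="/etc/${name}.conf"` line is a good choice: the daemon refuses to start without its configuration instead of coming up unconfigured.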
@ -96,7 +96,8 @@ to track users and events in a fine-grained manner.
|
||||
.Xr audit_warn 5 ,
|
||||
.Xr rc.conf 5 ,
|
||||
.Xr audit 8 ,
|
||||
.Xr auditd 8
|
||||
.Xr auditd 8 ,
|
||||
.Xr auditdistd 8
|
||||
.Sh HISTORY
|
||||
The
|
||||
.Tn OpenBSM
|
||||
|
@ -110,6 +110,9 @@ SUBDIR+= amd
|
||||
.if ${MK_AUDIT} != "no"
|
||||
SUBDIR+= audit
|
||||
SUBDIR+= auditd
|
||||
.if ${MK_OPENSSL} != "no"
|
||||
SUBDIR+= auditdistd
|
||||
.endif
|
||||
SUBDIR+= auditreduce
|
||||
SUBDIR+= praudit
|
||||
.endif
|
||||
|
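Review bot: The new `.if ${MK_OPENSSL} != "no"` guard around `SUBDIR+= auditdistd` carries no explanation and sits inside the `MK_AUDIT` block where every other subdirectory is unconditional, so a reader cannot tell whether OpenSSL is a hard requirement of the daemon or merely enables an optional feature. A one-line comment before the guard, `# auditdistd links libssl/libcrypto for its TLS transport; skip it when OpenSSL is disabled`, would settle that; the program Makefile added in this commit links `-lcrypto -lssl` unconditionally and builds `proto_tls.c`, which supports treating it as required.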
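--- /dev/null
+++ b/usr.sbin/auditdistd/Makefile
@@ -0,0 +1,32 @@
+#
+# $FreeBSD$
+#
+
+OPENBSMDIR=${.CURDIR}/../../contrib/openbsm
+.PATH: ${OPENBSMDIR}/bin/auditdistd
+
+# Addition of auditdistd because otherwise generated parse.c can't find
+# auditdistd.h. This seems like a makefile non-feature.
+CFLAGS+=-I${OPENBSMDIR} -I${OPENBSMDIR}/bin/auditdistd
+
+NO_WFORMAT=
+
+PROG= auditdistd
+SRCS= auditdistd.c
+SRCS+= parse.y pjdlog.c
+SRCS+= proto.c proto_common.c proto_socketpair.c proto_tcp.c proto_tls.c
+SRCS+= receiver.c
+SRCS+= sandbox.c sender.c subr.c
+SRCS+= token.l trail.c
+MAN= auditdistd.8 auditdistd.conf.5
+
+DPADD= ${LIBL} ${LIBPTHREAD} ${LIBUTIL}
+LDADD= -ll -lpthread -lutil
+DPADD+= ${LIBCRYPTO} ${LIBSSL}
+LDADD+= -lcrypto -lssl
+
+YFLAGS+=-v
+
+CLEANFILES=parse.c parse.h parse.output
+
+.include <bsd.prog.mk>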
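Review bot: `NO_WFORMAT=` switches off format-string warnings for the whole program with no comment saying why; for a daemon that receives data over the network and carries its own variadic logging wrapper (pjdlog.c), -Wformat diagnostics are the class of warning most worth keeping, and a blanket suppression hides any future misuse in sources that are clean today. If the suppression is needed for the generated lexer/parser (token.l, parse.y) or for the pjdlog wrappers, say so next to it — `# NO_WFORMAT: <which file trips -Wformat and why>` in the style of the existing comment on `CFLAGS+=` — or, if the build framework offers a per-file CFLAGS knob, narrow it to the offending object so the remaining sources stay checked. The `CLEANFILES` line correctly covers `parse.output`, which `YFLAGS+=-v` produces.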