Date:      Thu, 8 May 2008 09:08:04 -0400
From:      "Jonathan Bond-Caron" <jbondc@openmv.com>
To:        "'Robert Watson'" <rwatson@FreeBSD.org>
Cc:        freebsd-current@freebsd.org
Subject:   RE: Freebsd auditing in 7.0?
Message-ID:  <000901c8b10c$8da565d0$a8f03170$@com>
In-Reply-To: <20080508001926.A37487@fledge.watson.org>
References:  <000601c8b044$a4616490$ed242db0$@com> <20080508001926.A37487@fledge.watson.org>

Thanks for the information, I'd definitely be testing audit on 7.0

And great paper! I really enjoyed the read

-----Original Message-----
From: Robert Watson [mailto:rwatson@FreeBSD.org] 
Sent: May 7, 2008 7:24 PM
To: Jonathan Bond-Caron
Cc: freebsd-current@freebsd.org
Subject: Re: Freebsd auditing in 7.0?


On Wed, 7 May 2008, Jonathan Bond-Caron wrote:

> I recently read this paper: 
> http://www.trustedbsd.org/20060303-ukuug2006lisa-audit.pdf
>
> I'm wondering if there are any new features in 7.0 for auditing freebsd and
> if audit is included in the base?

Changes between audit as shipped in 6.2 and 7.0 are largely incremental -- 
support for printing audit records as XML, better support for emulation 
environments such as 32-bit binaries on 64-bit systems, Linux-emulated 
binaries, improved IPv6 support, etc.

> I've been using syslog-ng on 6.2 for some time but audit looks more rigorous
> to track system events & changes. Are there auditing options in 7.0 that
> allow sending logs to a central server over SSL? Or any recommendations
> other than syslog-ng?
>
> The goal is track more system events & centralize the log files at a central
> server.

Last year we had a GSoC project looking at distributed auditing, but I'm not
sure there was a usable end result (perhaps someone else can point us at it if
so).  I'm aware of one on-going project looking at SSL-enabled distributed log
parts, but I'm not sure if the author is willing to turn himself in as-yet.
Perhaps soon :-). I would certainly anticipate that this is a feature we will
ship in the future, but any dates would be hand-waving at this point,
unfortunately.

Robert N M Watson
Computer Laboratory
University of Cambridge



