
auditdistd - Secure and reliable distribution of audit trail files

Formal Metadata

Title
auditdistd - Secure and reliable distribution of audit trail files
Title of Series
Number of Parts
24
Author
License
CC Attribution - NonCommercial - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Security Event Audit is a facility to provide fine-grained, configurable logging of security-relevant events. Audit events are stored in trail files that can be used for postmortem analysis in case of system compromise. Once the system is compromised, an attacker has access to audit trail files and can modify or delete them. The auditdistd daemon's role is to distribute audit trail files to a remote system in a secure and reliable way. The talk will provide background on the Security Event Audit facility in FreeBSD and will describe the auditdistd daemon in detail. The auditdistd daemon is a good example of using modern sandboxing mechanisms, like Capsicum. During the talk, the audit subsystem and the auditdistd daemon will be presented live.