diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index 0efaaa15da64..cc3e6238b9d0 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -590,6 +590,9 @@ sendmail_rebuild_aliases="NO" # Run newaliases if necessary (YES/NO).
 auditd_enable="NO" # Run the audit daemon.
 auditd_program="/usr/sbin/auditd" # Path to the audit daemon.
 auditd_flags="" # Which options to pass to the audit daemon.
+auditdistd_enable="NO" # Run the audit daemon.
+auditdistd_program="/usr/sbin/auditdistd" # Path to the auditdistd daemon.
+auditdistd_flags="" # Which options to pass to the auditdistd daemon.
 cron_enable="YES" # Run the periodic job daemon.
 cron_program="/usr/sbin/cron" # Which cron executable to run (if enabled).
 cron_dst="YES" # Handle DST transitions intelligently (YES/NO)
diff --git a/etc/ftpusers b/etc/ftpusers
index 06b3f498bbd2..adb9dcf3bc96 100644
--- a/etc/ftpusers
+++ b/etc/ftpusers
@@ -19,6 +19,7 @@ _pflogd
 _dhcp
 uucp
 pop
+auditdistd
 www
 hast
 nobody
diff --git a/etc/mail/aliases b/etc/mail/aliases
index 5f5cd248f7cb..46f5f644bb77 100644
--- a/etc/mail/aliases
+++ b/etc/mail/aliases
@@ -26,6 +26,7 @@ postmaster: root
 # General redirections for pseudo accounts
 _dhcp: root
 _pflogd: root
+auditdistd: root
 bin: root
 bind: root
 daemon: root
diff --git a/etc/master.passwd b/etc/master.passwd
index 4e1d11304b84..f979940ec8c1 100644
--- a/etc/master.passwd
+++ b/etc/master.passwd
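Review bot: In etc/defaults/rc.conf the comment on `auditdistd_enable` was copied from `auditd_enable` and still reads "Run the audit daemon", so the two knobs look as if they control the same service. Suggest `auditdistd_enable="NO" # Run the auditdistd daemon.`, matching the wording of the two lines added after it. Someone checking which daemons are enabled should be able to tell the two apart from the defaults file alone.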
@@ -20,6 +20,7 @@ _pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin
 _dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin
 uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
 pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
+auditdistd:*:78:77::0:0:Auditdistd unprivileged user:/var/empty:/usr/sbin/nologin
 www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
 hast:*:845:845::0:0:HAST unprivileged user:/var/empty:/usr/sbin/nologin
 nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
diff --git a/etc/mtree/BSD.var.dist b/etc/mtree/BSD.var.dist
index 4481b10ada2d..30b901d92337 100644
--- a/etc/mtree/BSD.var.dist
+++ b/etc/mtree/BSD.var.dist
@@ -19,6 +19,10 @@
 /set gname=audit
 audit
 ..
+ dist uname=auditdistd gname=audit mode=0770
+ ..
+ remote uname=auditdistd gname=wheel mode=0700
+ ..
 /set gname=wheel
 backups
 ..
diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile
index 245b0c9e2481..aace4b17fcc3 100644
--- a/etc/rc.d/Makefile
+++ b/etc/rc.d/Makefile
@@ -19,6 +19,7 @@ FILES= DAEMON \
 atm2 \
 atm3 \
 auditd \
+ auditdistd \
 bgfsck \
 bluetooth \
 bootparams \
diff --git a/etc/rc.d/auditdistd b/etc/rc.d/auditdistd
new file mode 100644
index 000000000000..0aa62e8ec184
--- /dev/null
+++ b/etc/rc.d/auditdistd
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: auditdistd
+# REQUIRE: auditd
+# BEFORE: DAEMON
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="auditdistd"
+rcvar="${name}_enable"
+pidfile="/var/run/${name}.pid"
+command="/usr/sbin/${name}"
+required_files="/etc/${name}.conf"
+extra_commands="reload"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/share/man/man4/audit.4 b/share/man/man4/audit.4
index 167248cec5da..8fbce7db4ea8 100644
--- a/share/man/man4/audit.4
+++ b/share/man/man4/audit.4
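Review bot: The `auditdistd` entry added to etc/master.passwd uses primary gid 77, and no etc/group change is part of this diff, so that group has to exist already. The BSD.var.dist hunk in this diff gives `dist` `gname=audit mode=0770`, which suggests 77 is the audit group. If so, the unprivileged account, which presumably runs the networked part of the daemon, has group access to whatever that group can read under the audit directory. That may well be intended, but it should be stated in the commit message so the next reviewer does not have to infer it.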
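Review bot: In etc/mtree/BSD.var.dist the added `dist` and `remote` entries come after the `..` that closes `audit`, so as written they are siblings of `audit` rather than children of it. mtree nests by `..`, not by indentation, so the two directories would be created one level up, where their `mode=0770` and `mode=0700` restrictions no longer sit behind the audit directory's own permissions. If they are meant to live inside the audit directory, move the four added lines between the `audit` line and its `..`. Indentation is not preserved on this page, so the intended location should be confirmed against the daemon's default paths.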
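Review bot: `required_files="/etc/${name}.conf"` in etc/rc.d/auditdistd only checks that the configuration exists, and nothing in this diff installs that file or constrains its ownership and mode. The daemon is built with proto_tcp.c and proto_tls.c, so the configuration presumably names peers and key material. If so, a copy writable by a non-root user would let that user change where audit trails are sent. Consider a comment above the assignment such as `# auditdistd.conf must be owned by root and not group- or world-writable`, or a `start_precmd` that refuses to start otherwise.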
@@ -96,7 +96,8 @@ to track users and events in a fine-grained manner.
 .Xr audit_warn 5 ,
 .Xr rc.conf 5 ,
 .Xr audit 8 ,
-.Xr auditd 8
+.Xr auditd 8 ,
+.Xr auditdistd 8
 .Sh HISTORY
 The
 .Tn OpenBSM
diff --git a/usr.sbin/Makefile b/usr.sbin/Makefile
index 296856b7e9ee..aaf2483fe896 100644
--- a/usr.sbin/Makefile
+++ b/usr.sbin/Makefile
@@ -110,6 +110,9 @@ SUBDIR+= amd
 .if ${MK_AUDIT} != "no"
 SUBDIR+= audit
 SUBDIR+= auditd
+.if ${MK_OPENSSL} != "no"
+SUBDIR+= auditdistd
+.endif
 SUBDIR+= auditreduce
 SUBDIR+= praudit
 .endif
diff --git a/usr.sbin/auditdistd/Makefile b/usr.sbin/auditdistd/Makefile
new file mode 100644
index 000000000000..468290b2ed35
--- /dev/null
+++ b/usr.sbin/auditdistd/Makefile
@@ -0,0 +1,32 @@
+#
+# $FreeBSD$
+#
+
+OPENBSMDIR=${.CURDIR}/../../contrib/openbsm
+.PATH: ${OPENBSMDIR}/bin/auditdistd
+
+# Addition of auditdistd because otherwise generated parse.c can't find
+# auditdistd.h. This seems like a makefile non-feature.
+CFLAGS+=-I${OPENBSMDIR} -I${OPENBSMDIR}/bin/auditdistd
+
+NO_WFORMAT=
+
+PROG= auditdistd
+SRCS= auditdistd.c
+SRCS+= parse.y pjdlog.c
+SRCS+= proto.c proto_common.c proto_socketpair.c proto_tcp.c proto_tls.c
+SRCS+= receiver.c
+SRCS+= sandbox.c sender.c subr.c
+SRCS+= token.l trail.c
+MAN= auditdistd.8 auditdistd.conf.5
+
+DPADD= ${LIBL} ${LIBPTHREAD} ${LIBUTIL}
+LDADD= -ll -lpthread -lutil
+DPADD+= ${LIBCRYPTO} ${LIBSSL}
+LDADD+= -lcrypto -lssl
+
+YFLAGS+=-v
+
+CLEANFILES=parse.c parse.h parse.output
+
+.include
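Review bot: In usr.sbin/Makefile auditdistd is built only when both `MK_AUDIT` and `MK_OPENSSL` are enabled, but the start script added to `FILES` in etc/rc.d/Makefile and the rc.conf defaults in this same diff do not appear to be conditional. A build without OpenSSL would then install /etc/rc.d/auditdistd with no /usr/sbin/auditdistd behind it. Either gate the script the same way or record the dependency next to the new `.if`, e.g. `# auditdistd links libssl/libcrypto for its TLS transport`. The `FILES` list continues outside its hunk, so a filter elsewhere in that Makefile cannot be ruled out.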
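Review bot: `NO_WFORMAT=` in usr.sbin/auditdistd/Makefile switches off format-string warnings for every source file of a daemon that is built with TCP and TLS transports and its own logging layer (pjdlog.c). Format-string mistakes are the class of bug those warnings exist to catch, so it would be better to fix the offending calls. Failing that, limit the suppression to the file that needs it and say why in a comment above the line, e.g. `# XXX: <file> trips -Wformat because <reason>; remove once fixed`. Which file triggers the warning is not visible in this diff.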