BSDCan2012 - Slide Update J

BSDCan 2012
The Technical BSD Conference

Pawel Jakub Dawidek
Day: Talks - 1 - 2012-05-11
Room: MRT 205
Start time: 11:30
Duration: 01:00
ID: 335
Track: Security
Language used for presentation: English

auditdistd - Secure and reliable distribution of audit trail files

Security Event Audit is a facility to provide fine-grained, configurable logging of security-relevant events. Audit events are stored in trail files that can be used for postmortem analysis in case of system compromise. Once the system is compromised, an attacker has access to audit trail files and can modify or delete them. The auditdistd daemon's role is to distribute audit trail files to a remote system in a secure and reliable way.

The talk will provide background on the Security Event Audit facility in FreeBSD and will describe the auditdistd daemon in detail. The auditdistd daemon is a good example of using modern sandboxing mechanisms, like Capsicum. During the talk, the audit subsystem and the auditdistd daemon will be presented live.