FOSSLC is a non-profit organization that specializes in technology and know-how to record conferences with excellent quality.

 

auditdistd - Secure and reliable distribution of audit trail files


Location: Ottawa, ON, Canada (45° 25' 17.508" N, 75° 41' 49.8948" W)

Security Event Audit is a facility to provide fine-grained, configurable logging of security-relevant events. Audit events are stored in trail files that can be used for postmortem analysis in case of system compromise. Once the system is compromised, an attacker has access to audit trail files and can modify or delete them. The auditdistd daemon's role is to distribute audit trail files to a remote system in a secure and reliable way.

The talk will provide background on the Security Event Audit facility in FreeBSD and will describe the auditdistd daemon in detail. The auditdistd daemon is a good example of using modern sandboxing mechanisms, like Capsicum. During the talk, the audit subsystem and the auditdistd daemon will be presented live.

Minutes: 35
Event: BSDCan2012
Speaker: Pawel Jakub Dawidek
Filmed: 11.05.2012