https://github.com/0mp/audisp-auditdistd

Adapting an OpenBSM auditdistd to serve as a Linux Audit audisp plugin capable of sending audit trails over to a FreeBSD auditdistd.
https://github.com/0mp/audisp-auditdistd

audispd audit auditdistd freebsd linux linux-audit openbsm plugin

Last synced: 10 months ago
JSON representation

Adapting an OpenBSM auditdistd to serve as a Linux Audit audisp plugin capable of sending audit trails over to a FreeBSD auditdistd.

• Host: GitHub
• URL: https://github.com/0mp/audisp-auditdistd
• Owner: 0mp
• Created: 2017-09-06T20:18:25.000Z (over 8 years ago)
• Default Branch: master
• Last Pushed: 2018-04-25T12:27:27.000Z (about 8 years ago)
• Last Synced: 2025-04-16T02:56:12.060Z (about 1 year ago)
• Topics: audispd, audit, auditdistd, freebsd, linux, linux-audit, openbsm, plugin
• Language: Shell
• Homepage: https://wiki.freebsd.org/MateuszPiotrowski/Audit/ReceivingLinuxAuditTrailsWithAuditdistd
• Size: 23.4 KB
• Stars: 6
• Watchers: 2
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# audisp-auditdistd

Pushing audit logs from Linux over to FreeBSD using auditdistd daemons.

## Usage

### First set up

```sh

./generate-auditdistd-conf

./do-vagrant-up

./do-provision

vagrant provision linux-sender --provision-with rebuild-openbsm

```

### Run auditdistds

```sh

vagrant provision freebsd-receiver --provision-with run

vagrant provision linux-sender --provision-with run

```

### Detatils

There are 3 machines:

* freebsd-receiver

* freebsd-sender

* linux-sender

The goal is to make linux-sender work flawlessly with freebsd-receiver.

freebsd-sender is here for debugging purposes. In order to start the freebsd-sender machine you have to run:

```sh

./do-vagrant-up --full

```

Every machine has its own OpenBSM branch.

## Dependencies

- `rsync`

- `vagrant`