authorrwatson <rwatson@FreeBSD.org>2012-12-01 15:11:46 +0000
committerrwatson <rwatson@FreeBSD.org>2012-12-01 15:11:46 +0000
commit991e942bf20fdf0e5d8ef3a6a152c146e904a93a (patch)
treed64700191d32afaae27cefd774f48054c33975d8
parent81b0e0a69f7f1dc223a50bd085c98f86bdf4b6e5 (diff)
downloadFreeBSD-src-991e942bf20fdf0e5d8ef3a6a152c146e904a93a.zip
FreeBSD-src-991e942bf20fdf0e5d8ef3a6a152c146e904a93a.tar.gz
Merge a number of changes required to hook up OpenBSM 1.2-alpha2's
auditdistd (distributed audit daemon) to the build: - Manual cross references - Makefile for auditdistd - rc.d script, rc.conf entries - New group and user for auditdistd; associated aliases, etc. The audit trail distribution daemon provides reliable, cryptographically protected (and sandboxed) delivery of audit trails from live clients to audit server hosts in order to both allow centralised analysis, and improve resilience in the event of client compromises: clients are not permitted to change trail contents after submission. Submitted by: pjd Sponsored by: The FreeBSD Foundation (auditdistd)
-rw-r--r--etc/defaults/rc.conf3
-rw-r--r--etc/ftpusers1
-rw-r--r--etc/mail/aliases1
-rw-r--r--etc/master.passwd1
-rw-r--r--etc/mtree/BSD.var.dist4
-rw-r--r--etc/rc.d/Makefile1
-rw-r--r--etc/rc.d/auditdistd21
-rw-r--r--share/man/man4/audit.43
-rw-r--r--usr.sbin/Makefile3
-rw-r--r--usr.sbin/auditdistd/Makefile32
10 files changed, 69 insertions, 1 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index 0efaaa1..cc3e623 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -590,6 +590,9 @@ sendmail_rebuild_aliases="NO" # Run newaliases if necessary (YES/NO).
auditd_enable="NO" # Run the audit daemon.
auditd_program="/usr/sbin/auditd" # Path to the audit daemon.
auditd_flags="" # Which options to pass to the audit daemon.
+auditdistd_enable="NO" # Run the audit daemon.
+auditdistd_program="/usr/sbin/auditdistd" # Path to the auditdistd daemon.
+auditdistd_flags="" # Which options to pass to the auditdistd daemon.
cron_enable="YES" # Run the periodic job daemon.
cron_program="/usr/sbin/cron" # Which cron executable to run (if enabled).
cron_dst="YES" # Handle DST transitions intelligently (YES/NO)
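Review bot: The comment on the new `auditdistd_enable` line repeats the auditd description ("Run the audit daemon.") instead of describing auditdistd, so the defaults file now documents two different knobs with the same text. The two lines that follow it already say "auditdistd daemon", so only the first needs fixing: `auditdistd_enable="NO" # Run the audit distribution daemon.`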
diff --git a/etc/ftpusers b/etc/ftpusers
index 06b3f49..adb9dcf 100644
--- a/etc/ftpusers
+++ b/etc/ftpusers
@@ -19,6 +19,7 @@ _pflogd
_dhcp
uucp
pop
+auditdistd
www
hast
nobody
diff --git a/etc/mail/aliases b/etc/mail/aliases
index 5f5cd24..46f5f64 100644
--- a/etc/mail/aliases
+++ b/etc/mail/aliases
@@ -26,6 +26,7 @@ postmaster: root
# General redirections for pseudo accounts
_dhcp: root
_pflogd: root
+auditdistd: root
bin: root
bind: root
daemon: root
diff --git a/etc/master.passwd b/etc/master.passwd
index 4e1d113..f979940 100644
--- a/etc/master.passwd
+++ b/etc/master.passwd
@@ -20,6 +20,7 @@ _pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
+auditdistd:*:78:77::0:0:Auditdistd unprivileged user:/var/empty:/usr/sbin/nologin
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
hast:*:845:845::0:0:HAST unprivileged user:/var/empty:/usr/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
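Review bot: The new `auditdistd` entry gives the account primary GID 77, while the commit message speaks of a new group and the diffstat shows no etc/group change. If GID 77 is the pre-existing audit group (the mtree hunk sets `gname=audit` on the directory owned by this user, which suggests so), the message should say the user is placed in the existing audit group; otherwise the group addition is missing from this commit. The remaining fields (`/var/empty`, `/usr/sbin/nologin`, locked password `*`) match the neighbouring unprivileged service accounts.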
diff --git a/etc/mtree/BSD.var.dist b/etc/mtree/BSD.var.dist
index 4481b10..30b901d 100644
--- a/etc/mtree/BSD.var.dist
+++ b/etc/mtree/BSD.var.dist
@@ -19,6 +19,10 @@
/set gname=audit
audit
..
+ dist uname=auditdistd gname=audit mode=0770
+ ..
+ remote uname=auditdistd gname=wheel mode=0700
+ ..
/set gname=wheel
backups
..
diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile
index 245b0c9..aace4b1 100644
--- a/etc/rc.d/Makefile
+++ b/etc/rc.d/Makefile
@@ -19,6 +19,7 @@ FILES= DAEMON \
atm2 \
atm3 \
auditd \
+ auditdistd \
bgfsck \
bluetooth \
bootparams \
diff --git a/etc/rc.d/auditdistd b/etc/rc.d/auditdistd
new file mode 100644
index 0000000..0aa62e8
--- /dev/null
+++ b/etc/rc.d/auditdistd
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: auditdistd
+# REQUIRE: auditd
+# BEFORE: DAEMON
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="auditdistd"
+rcvar="${name}_enable"
+pidfile="/var/run/${name}.pid"
+command="/usr/sbin/${name}"
+required_files="/etc/${name}.conf"
+extra_commands="reload"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/share/man/man4/audit.4 b/share/man/man4/audit.4
index 167248c..8fbce7d 100644
--- a/share/man/man4/audit.4
+++ b/share/man/man4/audit.4
@@ -96,7 +96,8 @@ to track users and events in a fine-grained manner.
.Xr audit_warn 5 ,
.Xr rc.conf 5 ,
.Xr audit 8 ,
-.Xr auditd 8
+.Xr auditd 8 ,
+.Xr auditdistd 8
.Sh HISTORY
The
.Tn OpenBSM
diff --git a/usr.sbin/Makefile b/usr.sbin/Makefile
index 296856b..aaf2483 100644
--- a/usr.sbin/Makefile
+++ b/usr.sbin/Makefile
@@ -110,6 +110,9 @@ SUBDIR+= amd
.if ${MK_AUDIT} != "no"
SUBDIR+= audit
SUBDIR+= auditd
+.if ${MK_OPENSSL} != "no"
+SUBDIR+= auditdistd
+.endif
SUBDIR+= auditreduce
SUBDIR+= praudit
.endif
diff --git a/usr.sbin/auditdistd/Makefile b/usr.sbin/auditdistd/Makefile
new file mode 100644
index 0000000..468290b
--- /dev/null
+++ b/usr.sbin/auditdistd/Makefile
@@ -0,0 +1,32 @@
+#
+# $FreeBSD$
+#
+
+OPENBSMDIR=${.CURDIR}/../../contrib/openbsm
+.PATH: ${OPENBSMDIR}/bin/auditdistd
+
+# Addition of auditdistd because otherwise generated parse.c can't find
+# auditdistd.h. This seems like a makefile non-feature.
+CFLAGS+=-I${OPENBSMDIR} -I${OPENBSMDIR}/bin/auditdistd
+
+NO_WFORMAT=
+
+PROG= auditdistd
+SRCS= auditdistd.c
+SRCS+= parse.y pjdlog.c
+SRCS+= proto.c proto_common.c proto_socketpair.c proto_tcp.c proto_tls.c
+SRCS+= receiver.c
+SRCS+= sandbox.c sender.c subr.c
+SRCS+= token.l trail.c
+MAN= auditdistd.8 auditdistd.conf.5
+
+DPADD= ${LIBL} ${LIBPTHREAD} ${LIBUTIL}
+LDADD= -ll -lpthread -lutil
+DPADD+= ${LIBCRYPTO} ${LIBSSL}
+LDADD+= -lcrypto -lssl
+
+YFLAGS+=-v
+
+CLEANFILES=parse.c parse.h parse.output
+
+.include <bsd.prog.mk>
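Review bot: `NO_WFORMAT=` disables -Wformat for every source in the program without a comment saying why; proto_tcp.c and proto_tls.c in SRCS handle network input, and format-string diagnostics are a cheap check worth keeping for such code. Record the reason so it can be revisited, e.g. `# NO_WFORMAT: <which source/construct trips -Wformat and why it is benign>` above the line. If the warning originates in a single translation unit, a per-file flag override (where the build infrastructure supports one) would be narrower than switching the check off program-wide.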