Diffstat (limited to 'contrib/openbsm/bin/auditdistd/auditdistd.conf.5')
-rw-r--r-- | contrib/openbsm/bin/auditdistd/auditdistd.conf.5 | 361
1 files changed, 361 insertions, 0 deletions
diff --git a/contrib/openbsm/bin/auditdistd/auditdistd.conf.5 b/contrib/openbsm/bin/auditdistd/auditdistd.conf.5 new file mode 100644 index 0000000..46356df --- /dev/null +++ b/contrib/openbsm/bin/auditdistd/auditdistd.conf.5 
@@ -0,0 +1,361 @@ +.\" Copyright (c) 2012 The FreeBSD Foundation +.\" All rights reserved. +.\" +.\" This documentation was written by Pawel Jakub Dawidek under sponsorship +.\" from the FreeBSD Foundation. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd March 22, 2011 +.Dt AUDITDISTD.CONF 5 +.Os +.Sh NAME +.Nm auditdistd.conf +.Nd configuration file for the +.Xr auditdistd 8 +daemon. +.Sh DESCRIPTION +Note: the configuration file may contain passwords. +Care should be taken to configure proper permissions on this file +.Li ( eg. 0600 ) . +.Pp +Every line starting with # is treated as comment and ignored. 
+.Sh CONFIGURATION FILE SYNTAX +General syntax of the +.Nm +file is following: +.Bd -literal -offset +## Global section. + +# Our name. +# The default is first part of the hostname. +name "<name>" + +# Connection timeout. +# The default is 5. +timeout <seconds> + +# Path to pidfile. +# The default is "/var/run/auditdistd.pid". +pidfile "<path>" + +sender { + ## Sender section. + + # Source address for connections. + # Optional. + source "<addr>" + + # Directory with audit trail files managed by auditdistd. + # The default is /var/audit/dist. + directory "<dir>" +.\" +.\" # Checksum algorithm for data send over the wire. +.\" # The default is none. +.\" checksum "<algorithm>" +.\" +.\" # Compression algorithm for data send over the wire. +.\" # The default is none. +.\" compression "<algorithm>" + + # Configuration for the target system we want to send audit trail + # files to. + host "<name>" { + # Source address for connections. + # Optional. + source "<addr>" + + # Address of auditdistd receiver. + # No default. Obligatory. + remote "<addr>" + + # Directory with audit trail files managed by auditdistd. + # The default is /var/audit/dist. + directory "<dir>" + + # Fingerprint of the receiver's public key when using TLS + # for connection. + # Example fingerprint: + # SHA256=8F:0A:FC:8A:3D:09:80:AF:D9:AA:38:CC:8A:86:53:E6:8F:B6:1C:55:30:14:D7:F9:AA:8B:3E:73:CD:F5:76:2B + fingerprint "<algorithm=hash>" + + # Password used to authenticate in front of the receiver. + password "<password>" +.\" +.\" # Checksum algorithm for data send over the wire. +.\" # The default is none. +.\" checksum "<algorithm>" +.\" +.\" # Compression algorithm for data send over the wire. +.\" # The default is none. +.\" compression "<algorithm>" + } + + # Currently local audit trail files can be send only to one remote + # auditdistd receiver, but this can change in the future. +} + +receiver { + ## Receiver section. + + # Address to listen on. Multiple listen addresses might be specified. 
+ # The defaults are "tcp4://0.0.0.0:7878" and "tcp6://[::]:7878". + listen "<addr>" + + # Base directory. + # If directory in host section is no absolute, it will be concatenated + # with this base directory. + # The default is "/var/audit/remote". + directory "<basedir>" + + # Path to receiver's certificate file. + # The default is "/etc/security/auditdistd.cert.pem". + certfile "<path>" + + # Path to receiver's private key file. + # The default is "/etc/security/auditdistd.key.pem". + keyfile "<path>" + + # Configuration for a source system we want to receive audit trail + # files from. + host "<name>" { + # Sender address. + # No default. Obligatory. + remote "<addr>" + + # Directory where to store audit trail files received + # from system <name>. + # The default is "<basedir>/<name>". + directory "<dir>" + + # Password used by the sender to authenticate. + password "<password>" + } + + # Multiple hosts to receive from can be configured. +} +.Ed +.Pp +Most of the various available configuration parameters are optional. +If parameter is not defined in the particular section, it will be +inherited from the parent section if possible. +For example, if the +.Ic source +parameter is not defined in the +.Ic host +section, it will be inherited from the +.Ic sender +section. +In case the +.Ic global +section does not define the +.Ic source +parameter at all, the default value will be used. +.Sh CONFIGURATION FILE DESCRIPTION +The following statements are available: +.Bl -tag -width ".Ic xxxx" +.It Ic name Aq name +.Pp +This host's name. +It is send to the receiver, so it can properly recognize us if there are +more than one sender coming from the same IP address. +.It Ic timeout Aq seconds +.Pp +Connection timeout in seconds. +The default value is +.Va 5 . +.It Ic pidfile Aq path +.Pp +File in which to store the process ID of the main +.Xr auditdistd 8 +process. +.Pp +The default value is +.Pa /var/run/auditdistd.pid . 
+.It Ic source Aq addr +.Pp +Local address to bind to before connecting to the remote +.Nm auditdistd +daemon. +Format is the same as for the +.Ic listen +statement. +.It Ic directory Aq path +.Pp +Directory where to look for audit trail files in case of sender mode or +directory where to store received audit trail files. +The provided path has to be an absolute path. +The only exception is when directory is provided in the +.Ic receiver +section, then path provided in the +.Ic host +subsections can be relative to the directory in the +.Ic receiver +section. +The default value is +.Pa /var/audit/dist +for the entire +.Ic sender +section, +.Pa /var/audit/remote +for the non-host +.Ic receiver +section and +.Pa /var/audit/remote/<name> +for the +.Ic host +subsections in the +.Ic receiver +section where +.Aq name +is host's name. +.\".It Ic checksum Aq algorithm +.\".Pp +.\"Checksum algorithm should be one of the following: +.\".Bl -tag -width ".Ic sha256" +.\".It Ic none +.\"No checksum will be calculated for the data being send over the network. +.\"This is the default setting. +.\".It Ic crc32 +.\"CRC32 checksum will be calculated. +.\".It Ic sha256 +.\"SHA256 checksum will be calculated. +.\".El +.\".It Ic compression Aq algorithm +.\".Pp +.\"Compression algorithm should be one of the following: +.\".Bl -tag -width ".Ic none" +.\".It Ic none +.\"Data send over the network will not be compressed. +.\"This is the default setting. +.\".It Ic lzf +.\"The +.\".Nm LZF +.\"algorithm by +.\".An Marc Alexander Lehmann +.\"will be used to compress the data send over the network. +.\".Nm LZF +.\"is very fast, general purpose compression algorithm. +.\".El +.It Ic remote Aq addr +.Pp +Address of the remote +.Nm auditdistd +daemon. +Format is the same as for the +.Ic listen +statement. +When operating in the +.Ic sender +mode this address will be used to connect to the +.Ic receiver . 
+When operating in the +.Ic receiver +mode only connections from this address will be accepted. +.It Ic listen Aq addr +.Pp +Address to listen on in form of: +.Bd -literal -offset indent +protocol://protocol-specific-address +.Ed +.Pp +Each of the following examples defines the same listen address: +.Bd -literal -offset indent +0.0.0.0 +0.0.0.0:7878 +tcp://0.0.0.0 +tcp://0.0.0.0:7878 +tcp4://0.0.0.0 +tcp4://0.0.0.0:7878 +.Ed +.Pp +Multiple listen addresses can be specified. +By default +.Nm auditdistd +listens on +.Pa tcp4://0.0.0.0:7878 +and +.Pa tcp6://[::]:7878 +if kernel supports IPv4 and IPv6 respectively. +.It Ic keyfile Aq path +.Pp +Path to a file that contains private key for TLS communication. +.It Ic certfile Aq path +.Pp +Path to a file that contains certificate for TLS communication. +.It Ic fingerprint Aq algo=hash +.Pp +Finger print of the receiver's public key. +Currently only SHA256 algorithm is supported. +Certificate public key's fingerprint ready to be pasted into auditdistd +configuration file can be obtained by running: +.Bd -literal -offset +# openssl x509 -in /etc/security/auditdistd.cert.pem -noout -fingerprint -sha256 | awk -F '[ =]' '{printf("%s=%s\\n", $1, $3)}' +.Ed +.It Ic password Aq password +.Pp +Password used to authenticate the sender in front of the receiver. +.El +.Sh FILES +.Bl -tag -width ".Pa /etc/security/auditdistd.conf" -compact +.It Pa /etc/security/auditdistd.conf +The default +.Nm auditdistd +configuration file. +.El +.Sh EXAMPLES +The example configuration files can look as follows. +.Pp +Web server: +.Bd -literal -offset indent +sender { + host backup { + remote 10.0.0.4 + } +} +.Ed +.Pp +Audit backup server: +.Bd -literal -offset indent +receiver { + host webserv { + remote 10.0.0.1 + } + host mailserv { + remote 10.0.0.2 + } + host dnsserv { + remote 10.0.0.3 + } +} +.Ed +.Sh SEE ALSO +.Xr audit 4 , +.Xr auditdistd 8 . 
+.Sh AUTHORS +The +.Nm +was written by +.An Pawel Jakub Dawidek Aq pawel@dawidek.net +under sponsorship of the FreeBSD Foundation. |
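Review bot: The `fingerprint` entry describes the value as the receiver's public key fingerprint ("Finger print of the receiver's public key", "Certificate public key's fingerprint"), but the command given right under it, `openssl x509 -in ... -noout -fingerprint -sha256`, prints the digest of the whole DER-encoded certificate, not of its public key; say which of the two the daemon actually compares, because a sender pasting the other digest will never match and the pinning becomes unusable. In the same entry, `.Bd -literal -offset` is missing the width argument to `-offset` (the syntax block at the top of CONFIGURATION FILE SYNTAX has the same problem); `-offset indent` is presumably what was meant. The EXAMPLES sender block sets only `remote 10.0.0.4` with no `fingerprint` or `password`, and neither entry states what happens when they are omitted (only `remote` is marked "Obligatory"); given the DESCRIPTION note that the file may hold passwords, please state whether receiver verification and sender authentication are skipped or the connection is refused in that case, or add both keys to the example. Smaller points: `.Dd March 22, 2011` predates the 2012 copyright, `.Nd` should not end with a period, "send" should read "sent" in "data send over the wire", "It is send to the receiver" and "can be send only to one remote", "is no absolute" should be "is not absolute", and "Finger print" should be "Fingerprint".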