
Phase 1 - audit_remote(5) plugin

Remote Audit Trail Storage - Phase 1

Description

The first phase of the project, covered by PSARC/2009/208, was to provide a new auditd plugin, audit_remote(5), for sending the binary Solaris Audit Log securely to a remote system. audit_remote(5) sends the binary audit trail to a configured remote server in the same format that audit_binfile(5) writes to the filesystem. It uses libgss(3LIB) to authenticate the server and to protect the privacy and integrity of the transmission. Any of the available GSS mechanisms may be used. The protocol between the plugin and the "audit server" is versioned.

Implementation details

The implementation is explained in detail in the plugin's manual page, audit_remote(5), which also describes the communication protocol used between the plugin and the projected remote audit daemon. Even though the remote audit daemon is not implemented yet (it is the subject of the currently unscheduled phase 2 of the project), the audit_remote(5) man page should provide enough information to allow any developer to develop her/his own remote audit daemon.

Project delivery notes

Phase 1 of the project was delivered in SXCE build 121 (source code).

Created by admin on 2009/10/26 12:11
Last modified by admin on 2009/10/26 12:11