On Thu, Feb 08, 2007 at 07:48:55PM +0300, Stanislav Sedov wrote:
> Hi!
>
> I'm experiencing some problems configuring audit on a 6.2-RELEASE system.
> It doesn't seem to log anything except login messages. The only thing
> I've modified in config is the root user specification in audit_users.
> Now it looks like this:
> root:lo,ex,fw,fc:no
>
> However, neither ex, nor fw, nor fc messages get into the log.
> Furthermore, deleting lo from audit_users and audit_control doesn't stop
> login messages logging.
>
> Is it possible that some other kernel options interfere with AUDIT
> (e.g. MAC)?
>
Are you running something else than FreeBSD/i386? If yes, the necessary
changes to the machine dependent trap.c weren't merged. This was only
noticed one or two weeks ago and the necessary changes are in RELENG_6.
- Christian
--
Christian Brueffer chris@unixpages.org brueffer@FreeBSD.org
GPG Key: http://people.freebsd.org/~brueffer/brueffer.key.asc
GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D