search for: audit

...tly for local backups, clones etc. Everything gets copied as is to the volume. I have tried without ssh keys, with keys, keys with and without passwords (via ssh-agent) and it all works except that it won't copy the correct permissions on System files example run with locked system folder var/audit going to servername at 100.102.15.4 (not my real address here of course): sudo /rsync -aNHAXx --protect-args --fileflags --protect-decmpfs --force-change --stats --progress -vvv --rsync-path=/rsync /private/var/audit servername at 100.102.15.4:/Volumes/Extra/eee Ignore ownership unchecked on d...

Hi, I have been battling something for a good hour and a half and finally realized how to ''solve'' the issue but I am very confused as of why I should do what I just did. I have 2 classes: class User has_many :audits ... end class Audit belongs_to :user ... end The way things need to work is to first create an audit and after the audit is created a user that has access to the audit gets created. This has to work this way and not the other way around. I have been testing my code in the console with the...

Hi, on a CentOS 6.4-workstation we have the problem, that Xorg fills up /var/log/Xorg.0.log with AUDIT messages faster than one can read. Within four hours the logfile grew to 160 MB and usually within 1-2 days applications and sometimes the OS crash because /var becomes full. Here a small extract of /var/log/Xorg.0.log: [...] [ 24272.458] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconn...

...ator ./messages:Jun 15 23:31:55 lambdacenter dovecot(pam_unix)[17080]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=operator ./messages:Jun 15 23:32:11 lambdacenter dovecot(pam_unix)[17182]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=operator ./audit/audit.log:type=USER_AUTH msg=audit(1181971858.967:156312): user pid=15512 uid=0 auid=4294967295 msg='PAM authentication: user=operator exe="/usr/libexec/dovecot/dovecot-auth" (hostname=?, addr=?, terminal=? result=Authentication failure)' ./audit/audit.log:type=USER_AUTH msg=audi...

Dear 6-STABLE users, In the next 2-3 weeks, I plan to MFC support for CAPP security eventing auditing from 7-CURRENT to 6-STABLE. The implementation has been running quite nicely in -CURRENT for several months. Right now, I'm just waiting on a confirmation from Sun regarding formal allocation of a BSM header version number so as to avoid accidental version number conflicts in the future...

Dear 6-STABLE users, In the next 2-3 weeks, I plan to MFC support for CAPP security eventing auditing from 7-CURRENT to 6-STABLE. The implementation has been running quite nicely in -CURRENT for several months. Right now, I'm just waiting on a confirmation from Sun regarding formal allocation of a BSM header version number so as to avoid accidental version number conflicts in the future...

Assume the following question is in regards to Puppet 3.3.2. So my question is in relation to audit. file { ''/some/random/path/through/the/tree/to/a/file'': owner => ''luke'', group => ''rebelalliance'', mode => ''0444'', audit => all } And more specifically: will the named file be force-owned to luke with the...

...dows 8.1 issue. Louis, Applied the rules you suggested to ufw exactly as written. No change. Still cannot connect with firewall enabled. Same error mesage as before "Cannot mount location ...". ufw log set to medium and copied below. Feb 4 10:00:42 radio kernel: [ 354.238099] [UFW AUDIT] IN=enp2s5 OUT= MAC=ff:ff:ff:ff:ff:ff:74:27:ea:ab:1e:e0:08:00 SRC=192.168.254.15 DST=192.168.254.255 LEN=203 TOS=0x00 PREC=0x00 TTL=128 ID=7217 PROTO=UDP SPT=138 DPT=138 LEN=183 Feb 4 10:00:42 radio kernel: [ 354.238501] [UFW AUDIT] IN= OUT=enp2s5 SRC=192.168.254.39 DST=192.168.254.255 LEN=78 TOS...

...0 03:52:08, 5] lib/util_seaccess.c:se_access_check(309) se_access_check: access (2) granted. [2005/01/30 03:52:08, 3] smbd/vfs.c:vfs_init_default(203) Initialising default vfs hooks [2005/01/30 03:52:08, 3] smbd/vfs.c:vfs_init_custom(229) Initialising custom vfs hooks from [/usr/lib/samba/vfs/audit.so] [2005/01/30 03:52:08, 5] lib/module.c:smb_probe_module(101) Probing module '/usr/lib/samba/vfs/audit.so' [2005/01/30 03:52:08, 5] smbd/vfs.c:smb_register_vfs(193) Successfully added vfs backend 'audit' [2005/01/30 03:52:08, 2] lib/module.c:do_smb_load_module(63) Module ...

Hello, On some machines being managed by Puppet I would like to perform targetted audit runs with "puppet -t --noop --tags audit" For better or for worse I am trying to do this with a separate module "audit" rather than add the audit => to the resources and use inheritence. i.e. class audit::resolver inherits resolver::config { notify{"Running audit...

.../div> <blockquote type="cite"> <div> Hi, </div> <div> <br> </div> <div> After configuring systemd unit with ReadWritePaths=/home/mail, I get the </div> <div> following error logs in audit: </div> <div> type=AVC msg=audit(1586604621.637:6736): avc: denied { write } for </div> <div> pid=12750 comm="imap" name="Maildir" dev="dm-3" ino=438370738 </div> <div> scontext=system_u:system_...

Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot Dates: October 2016 - January 2017 dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53...

Im trying to identify how ssh 4.5 interacts with the audit subsystem within AIX 5.3. i get an event when a user logs in, but not when they exit via ssh. i can get it to work with telnet, however. It would seem to me that if an event is captured from the login, that the same would be true for the logout. I've opened a PMR w/IBM, but not getting very...

FYI for those working with audit and intrusion detection on FreeBSD. Robert N M Watson ---------- Forwarded message ---------- Date: Mon, 5 Jun 2006 17:01:04 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: current@FreeBSD.org Cc: trustedbsd-audit@TrustedBSD.org Subject: Heads up: OpenBSM 1.0a6, per-auditpipe pres...

mmmm... stable... :D /usr/src # make installworld ERROR: Required audit group is missing, see /usr/src/UPDATING. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. /usr/src # grep audit /usr/src/UPDATING /usr/src # ??? -- - Alfred Perlstein - CTO Okcupid.com / FreeBSD Hacker / All that jazz -

Hi, After configuring systemd unit with ReadWritePaths=/home/mail, I get the following error logs in audit: type=AVC msg=audit(1586604621.637:6736): avc: denied { write } for pid=12750 comm="imap" name="Maildir" dev="dm-3" ino=438370738 scontext=system_u:system_r:dovecot_t:s0 tcontext=unconfined_u:object_r:etc_runtime_t:s0 tclass=dir permissive=0 type=SYSCALL msg=audit(1...

FYI, since this is probably of interest to subscribers of this mailing list also. Robert N M Watson ---------- Forwarded message ---------- Date: Wed, 1 Feb 2006 22:55:40 +0000 (GMT) From: Robert Watson <rwatson@FreeBSD.org> To: Julian Elischer <julian@elischer.org> Cc: trustedbsd-audit@TrustedBSD.org, K?vesd?n G?bor <gabor.kovesdan@t-hosting.hu>, current@freebsd.org Subject: Re: HEADS UP: Audit integration into CVS in progress, some tree disruption On Wed, 1 Feb 2006, Julian Elischer wrote: >>> I'll send out follow-up e-mail once the worst is past,...

Hi Manuel, It's been brought to my attention that my usage of the Phabricator Audit tool to track which commits have been reviewed is causing a large number of (almost) empty emails to be sent to the commit authors and anyone else added to the audit as a reviewer. Presumably there are some state change emails that we haven't blocked yet (e.g. the 'Accept commit' and &...

...) suggests *************************** If you believe that smtp should be allowed read write access on the 546AA6099F file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep smtp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp grep 546AA6099F /var/log/audit/audit.log | audit2why type=AVC msg=audit(1398199187.646:29332): avc: denied { getattr } for pid=23387 comm="smtp" path="/var/spool/postfix/active/546AA6099F" dev=dm-0 ino=395679 scontext...

Dear All, Over the past week or so, I have spent some time updating Tom Rhodes' excellent FreeBSD Handbook chapter on Audit for some of the more recent audit changes, such as new features in more recent OpenBSM versions. Since FreeBSD 6.2-BETA2 contains what is likely the final drop of the audit code (modulo any bug fixes) for 6.2-RELEASE, now would be a great time for people interested in Audit to read the handboo...