Displaying 10 results from an estimated 10 matches for "audit_control".
2000 Dec 17
2
Portable OpenSSH Solaris UseLogin Issue
Greetings,
In order to use Solaris's BSM (Basic Security Module), also called C2 audit,
which logs specific kernel calls depending on your audit_control,
I would need to use login(1) to log users exec calls and whatnot because
Portable OpenSSH does not have <bsm/audit.h> support, now that would mean I
would have to enable UseLogin in sshd_config in order for that to work.
I am running openssh's latest portable version on Solaris 7 core i...
2007 Feb 08
1
audit problems
...'t seem to log anything except login messages. The only thing
I've modified in config is the root user specification in audit_users.
Now it looks like this:
root:lo,ex,fw,fc:no
However, neither ex, nor fw, nor fc messages get into the log.
Furthermore, deleting lo from audit_users and audit_control doesn't stop
login messages logging.
Is it possible that some other kernel options interfere with AUDIT
(e.g. MAC)?
Thanks!
--
Stanislav Sedov
ST4096-RIPE
2006 Sep 20
2
Status of MFC security event audit support in RELENG_6?
A few weeks back Robert Watson announced the merge of these features from 7
back into 6-STABLE. I hadn't seen any updates and was curious as to the
status. Us 6-STABLE users are curious to test it out.
Thanks.
--A
2011 Dec 07
1
lxc capabilities
...some way to control the capabilities assigned to the container processes.
With lxc-tools, I can specify a configuration option, lxc.cap.drop,
which causes the container processes to drop the specified privileges.
My libvirt containers seem to run with
cap_sys_module,cap_sys_boot,cap_sys_time,cap_audit_control,cap_mac_admin
which is rather more permissive than I'd like. In particular,
cap_sys_boot allows a container to reboot the host machine.
I am running libvirt-0.9.2 from squeeze-backports on debian squeeze.
Cheers,
-C-
2007 Sep 29
0
Why are most audit events apparently non-attributable?
So I'm exploring AUDIT and have this in /etc/security/audit_control:
dir:/var/audit
flags:lo,fd
minfree:20
naflags:lo
policy:cnt
filesz:0
I tell auditd to reread the config file with audit -s but no file
deletion events are logged.
I change the config file to:
dir:/var/audit
flags:lo
minfree:20
naflags:lo,fd
policy:cnt
filesz:0
I type audit -s and am immediate...
2007 Sep 29
0
Why are audit events apparently non-attributable?
So I'm exploring AUDIT and have this in /etc/security/audit_control:
dir:/var/audit
flags:lo,fd
minfree:20
naflags:lo
policy:cnt
filesz:0
I tell auditd to reread the config file with audit -s but no file
deletion events are logged.
I change the config file to:
dir:/var/audit
flags:lo
minfree:20
naflags:lo,fd
policy:cnt
filesz:0
I type audit -s and am immediate...
2006 Oct 02
0
Audit handbook chapter review, call for general testing
...nstalled as part of recent RELENG_6 and 6.2-BETA2 are also
pretty complete, and include more detailed reference information. The
audit(4) man page has a good set of cross-references to various commands
(audit(8), auditd(8), praudit(8), auditreduce(8)), as well as the audit
configuration files (audit_control(5), audit_user(5), etc).
Remember that audit support in 6.2-RELEASE will be considered experimental,
and has a number of known limitations (such as not fully auditing all
non-native FreeBSD system call interfaces, and not auditing all userland
administrative events of interest), but it should b...
2006 Jun 05
0
Heads up: OpenBSM 1.0a6, per-auditpipe preselection imported to CVS (fwd)
...sm/config/config.h.in
U src/contrib/openbsm/config/config.sub
U src/contrib/openbsm/config/depcomp
U src/contrib/openbsm/config/install-sh
U src/contrib/openbsm/config/ltmain.sh
U src/contrib/openbsm/config/missing
U src/contrib/openbsm/etc/audit_class
U src/contrib/openbsm/etc/audit_control
U src/contrib/openbsm/etc/audit_event
N src/contrib/openbsm/etc/audit_filter
U src/contrib/openbsm/etc/audit_user
U src/contrib/openbsm/etc/audit_warn
U src/contrib/openbsm/libbsm/Makefile.am
U src/contrib/openbsm/libbsm/Makefile.in
U src/contrib/openbsm/libbsm/au_class.3
U...
2013 Jan 06
2
audit events confusion
On a rather full customer web server, I am trying to track down whose
web site script is trying to make outbound network connections when they
should not be. In /etc/security/audit_control, I added to the flags line
dir:/var/audit
flags:lo,aa,-nt
minfree:5
to log failed network connections. When I try and make an outbound
connection to something that is blocked in pf, it seems to sometimes
work. E.g. from the command line, if I manually try via telnet 8.8.8.8 25
pf shows
17:03:23.5...
2008 Jan 01
3
Tracking user's activity
Greetings,
I've been looking for a proper way to track down user's activity
inside the shell as I'm helping my colleague to configure a web
hosting and shell hosting server.
Someone has referred me to this article --
http://bsdtips.utcorp.net/mediawiki/index.php/Snoop which is using
'watch' commands to view user's activity once they logged in to the
server
I found