search for: audit_ev

Local end (receiving): 3.0.2, 3.0.3pre2 Remote end (sending): 2.6.9 Under 3.0.x, rsync sometimes prints an "Invalid argument" error when moving sockets to the backup directory (--backup-dir): rsync: mknod "/backup/machine/../machine-before-4/var/run/audit_events" failed: Invalid argument (22) The problem appears to be that, at least with sockets, keep_backup() is calling do_mknod() with garbage in the third parameter (dev). When I add some debug output to do_mknod(): printf("mknod pathname=%s, mode=%d, dev=%llu\n", pathname, mode, d...

http://bugzilla.mindrot.org/show_bug.cgi?id=125 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #619 is|0 |1 obsolete| | ------- Additional Comments From dtucker at zip.com.au 2004-05-31 23:25 -------

...ew process itself) and occurred too often and create noise. connect()/accept() from "nt", but not setsockopt(), for the same reasons. And so on. How should I create new system class? What need to be putted into "classmask" in audit_class(5)? How should I edit audit_event(5) file, as it seems, that one event could belong only to one class, and I don't want to remove these events from their natural classes. -- // Black Lion AKA Lev Serebryakov <lev@FreeBSD.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=125 alex.bell at bt.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |alex.bell at bt.com ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the

...;s Legacy Basic Security Module prior to Solaris 11), and "solaris" ! (Sun's Audit infrastructure from Solaris 11) are supported. README.platform =============== ! Solaris ! ------- ! Prior to Solaris 11 ! ------------------- If you enable BSM auditing on Solaris, you need to update audit_event(4) for praudit(1m) to give sensible output. The following line needs to be added to /etc/security/audit_event: 32800:AUE_openssh:OpenSSH login:lo The BSM audit event range available for third party TCB applications is 32768 - 65535. Event number 32800 has been choosen for AUE_openss...

Hello, Freebsd-security. I'm grepping all sources for programs, which support audit and found strange thing: find . -name '*.c*' -print | \ grep -v -E '^./(sys|contrib/openbsm|tools/regression)' | \ xargs grep -E "\<(audit|au_)" shows, that only login(1), su(1), id(1) and sshd(1) uses audit. And even sshd(8) raise question: it doesn't call

...is known to work with Darwin 8 and +MacOS X 10.4 in Point-to-Point (Layer 3) and Ethernet (Layer 2) mode +using a third party driver. More information is available at: + http://www-user.rhrk.uni-kl.de/~nissler/tuntap/ + + Solaris ------- If you enable BSM auditing on Solaris, you need to update audit_event(4) --- configure.orig 2006-02-13 19:16:02.000000000 -0800 +++ configure 2006-02-13 18:28:39.000000000 -0800 @@ -5285,6 +5285,21 @@ cat >>confdefs.h <<_ACEOF #define BIND_8_COMPAT 1 _ACEOF + +cat >>confdefs.h <<\_ACEOF +#define SSH_TUN_FREEBSD 1 +_ACEOF + + +cat >&g...

...type of query (template) that crashes it, I know this is not too helpful as you cannot run it, but maybe someone spots a certain pattern in it: SELECT TIMESTAMP, VALUE, VM FROM (WITH ev AS (SELECT audit_key_new key, audit_date dt, audit_batch_nbr, audit_date FROM dots_audit.audit_event WHERE table_name='VALUE_PROPERTY_MAP'), jfsm AS (SELECT audit_key, fund_id, fund_mult FROM dots_audit.value_property_map WHERE property_id='%s' UNION SELECT audit_key, value_id, value_mult FROM dots.value_property_map WHERE...

http://bugzilla.mindrot.org/show_bug.cgi?id=2 Michael.Gerdts at alcatel.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |Michael.Gerdts at alcatel.com ------- You are receiving this mail because: ------- You are the assignee for the bug, or are

...bsm/config/config.sub U src/contrib/openbsm/config/depcomp U src/contrib/openbsm/config/install-sh U src/contrib/openbsm/config/ltmain.sh U src/contrib/openbsm/config/missing U src/contrib/openbsm/etc/audit_class U src/contrib/openbsm/etc/audit_control U src/contrib/openbsm/etc/audit_event N src/contrib/openbsm/etc/audit_filter U src/contrib/openbsm/etc/audit_user U src/contrib/openbsm/etc/audit_warn U src/contrib/openbsm/libbsm/Makefile.am U src/contrib/openbsm/libbsm/Makefile.in U src/contrib/openbsm/libbsm/au_class.3 U src/contrib/openbsm/libbsm/au_control....

...o.h create: usr/src/uts/common/inet/kssl/ksslrec.c create: usr/src/uts/common/inet/tcp/tcp_kssl.c create: usr/src/uts/intel/kssl/Makefile create: usr/src/uts/sparc/kssl/Makefile update: usr/src/cmd/cmd-inet/usr.sbin/Makefile update: usr/src/cmd/devfsadm/misc_link.c update: usr/src/lib/libbsm/audit_event.txt update: usr/src/lib/libsecdb/exec_attr.txt update: usr/src/pkgdefs/SUNWckr/prototype_com update: usr/src/pkgdefs/SUNWckr/prototype_i386 update: usr/src/pkgdefs/SUNWckr/prototype_sparc update: usr/src/pkgdefs/SUNWcsr/prototype_com update: usr/src/pkgdefs/SUNWcsu/prototype_com update: u...

...nction ?bsm_audit_bad_login?: audit-bsm.c:258:15: error: ?BSM_TEXTBUFSZ? undeclared (first use in this function) audit-bsm.c:258:15: note: each undeclared identifier is reported only once for each function it appears in audit-bsm.c:258:7: warning: unused variable ?textbuf? audit-bsm.c: In function ?audit_event?: audit-bsm.c:322:18: error: ?BSM_TEXTBUFSZ? undeclared (first use in this function) audit-bsm.c:322:10: warning: unused variable ?textbuf? *** Error code 1 make: Fatal error: Command failed for target `audit-bsm.o' -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email...

http://bugzilla.mindrot.org/show_bug.cgi?id=974 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |enhancement Platform|HPPA |All Summary|Enhancement : Record |Record Badlogins for

http://bugzilla.mindrot.org/show_bug.cgi?id=125 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|major |enhancement ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

On Sun, Mar 01, 2015 at 03:23:04AM +1100, Damien Miller wrote: > > > On Sat, 28 Feb 2015, The Doctor wrote: > > > BSD/OS issues > > > > with 1.0.2a dev > > Thanks for testing. > You are welcome. > > make tests > > > > regress/netcat.c:656: `on' undeclared (first use in this function) > > regress/netcat.c:656: (Each

Hi, sifting through my system's logs, I noticed many break-in attempts by rogue ssh clients trying long lists of common passwords. For some time now I pondered different approaches to counter these, but could not come up with a solution that really satisfied me. I finally reached the conclusion that any countermeasures required support in sshd itself, and created the attached patch. If

...(compat20) { @@ -1708,11 +1714,12 @@ main(int ac, char **av) * If we use privilege separation, the unprivileged child transfers * the current keystate and exits */ +#ifdef USE_PRIVSEP if (use_privsep) { mm_send_keystate(pmonitor); exit(0); } - +#endif authenticated: #ifdef SSH_AUDIT_EVENTS audit_event(SSH_AUTH_SUCCESS); -- dwmw2

...date: usr/src/lib/auditd_plugins/syslog/systoken.c update: usr/src/lib/auditd_plugins/syslog/systoken.h update: usr/src/lib/common/inc/c_synonyms.h update: usr/src/lib/libbsm/Makefile update: usr/src/lib/libbsm/Makefile.com update: usr/src/lib/libbsm/audit_class.txt update: usr/src/lib/libbsm/audit_event.txt update: usr/src/lib/libbsm/common/adt_token.c update: usr/src/lib/libbsm/common/au_to.c update: usr/src/lib/libbsm/common/audit_allocate.c update: usr/src/lib/libbsm/common/audit_ftpd.c update: usr/src/lib/libbsm/common/audit_rexd.c update: usr/src/lib/libbsm/common/audit_rexecd.c upd...

https://bugzilla.mindrot.org/show_bug.cgi?id=2167 Bug ID: 2167 Summary: Connection remains when fork() fails. Product: Portable OpenSSH Version: 5.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

...02. debug2: fd 9 setting O_NONBLOCK debug3: fd 9 is O_NONBLOCK debug1: channel 0: new [port listener] debug3: send packet: type 81 packet_write_wait: Connection from 127.0.0.1 port 60879: Broken pipe debug1: do_cleanup debug3: mm_request_receive entering debug1: do_cleanup debug1: audit_event: unhandled event 12 FAIL: failed copy of /bin/ls trace: config file: transfer over forwarded channels and check result dWCUHL3hrO9Sb+pyo0ZTZvaU debug3: notify_hostkeys: sent 2 hostkeys debug3: send packet: type 80 debug1: Entering interactive session for SSH2. debug2: fd 7 setti...