search for: auditing

Hi All, I'm trying a remote backup for the first time. It is between two laptops, I installed rsync 3.0.7 on both compiled patch -p1 <patches/fileflags.diff patch -p1 <patches/crtimes.diff patch -p1 <patches/crtimes-64bit.diff patch -p1 <patches/crtimes-hfs+.dif f patch -p1 <patches/hfs_compression.diff ./configure make this all works perfectly for local backups, clones

Hi, I have been battling something for a good hour and a half and finally realized how to ''solve'' the issue but I am very confused as of why I should do what I just did. I have 2 classes: class User has_many :audits ... end class Audit belongs_to :user ... end The way things need to work is to first create an audit and after the audit is created a user that has

...rg is running with the following options (CentOS 6 default settings): /usr/bin/Xorg :0 -nr -verbose -audit 4 -auth /var/run/gdm/auth-for-gdm-jQ4DVP/database -nolisten tcp vt1 Questions: * How can one find out which processes are responsible for these audit messages? * How can I stop auditing completely? With CentOS 5 Xorg ran with "audit 0" and I was unable to find the place where the audit level is set. * (more generally) What's auditing good/used for anyway? Any hint is appreciated. Cheers frank [cross-posted on lopsa-tech maillist]

Hi, I?ve posted this before but no one was able to help. I can?t figure out what they are trying to do, and if I should be concerned. I am running dovecot version 0.99.14 on Fedora Core 4. It appears that my dovecot server is under attack. This morning in my system e-mail I saw this: dovecot: Authentication Failures: rhost= : 23431 Time(s)

Dear 6-STABLE users, In the next 2-3 weeks, I plan to MFC support for CAPP security eventing auditing from 7-CURRENT to 6-STABLE. The implementation has been running quite nicely in -CURRENT for several months. Right now, I'm just waiting on a confirmation from Sun regarding formal allocation of a BSM header version number so as to avoid accidental version number conflicts in the future, w...

Dear 6-STABLE users, In the next 2-3 weeks, I plan to MFC support for CAPP security eventing auditing from 7-CURRENT to 6-STABLE. The implementation has been running quite nicely in -CURRENT for several months. Right now, I'm just waiting on a confirmation from Sun regarding formal allocation of a BSM header version number so as to avoid accidental version number conflicts in the future, w...

Assume the following question is in regards to Puppet 3.3.2. So my question is in relation to audit. file { ''/some/random/path/through/the/tree/to/a/file'': owner => ''luke'', group => ''rebelalliance'', mode => ''0444'', audit => all } And more specifically: will the named file be force-owned to luke with the

Rowland, Thank you for all your help, I agree that this is not a Samba issue. Given rhat it works without the firewall. It' either a ufw or Windows 8.1 issue. Louis, Applied the rules you suggested to ufw exactly as written. No change. Still cannot connect with firewall enabled. Same error mesage as before "Cannot mount location ...". ufw log set to medium and copied below.

Any ideas why a vfs module loads successfully then can't be found? [2005/01/30 03:52:08, 5] lib/util_seaccess.c:se_access_check(309) se_access_check: access (2) granted. [2005/01/30 03:52:08, 3] smbd/vfs.c:vfs_init_default(203) Initialising default vfs hooks [2005/01/30 03:52:08, 3] smbd/vfs.c:vfs_init_custom(229) Initialising custom vfs hooks from [/usr/lib/samba/vfs/audit.so]

Hello, On some machines being managed by Puppet I would like to perform targetted audit runs with "puppet -t --noop --tags audit" For better or for worse I am trying to do this with a separate module "audit" rather than add the audit => to the resources and use inheritence. i.e. class audit::resolver inherits resolver::config { notify{"Running audit on

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 11/04/2020 15:47 Alex JOST < <a href="mailto:jost+lists@dimejo.at">jost+lists@dimejo.at</a>> wrote: </div> <div>

Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot Dates: October 2016 - January 2017 dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53. The team found the following problems: ? 3 Low The Cure53

Im trying to identify how ssh 4.5 interacts with the audit subsystem within AIX 5.3. i get an event when a user logs in, but not when they exit via ssh. i can get it to work with telnet, however. It would seem to me that if an event is captured from the login, that the same would be true for the logout. I've opened a PMR w/IBM, but not getting very much help. below is an example of my

...ls to specify parameters for which audit records are of interest, including selecting records not required by the global trail. Allowing application interest specification without changing the global configuration allows intrusion detection systems to run without interfering with global auditing or each other (if multiple are present). To implement this: - Kernel audit records now carry a flag to indicate whether they have been selected by the global trail or by the audit pipe subsystem, set during record commit, so that this information is available after BSM conver...

mmmm... stable... :D /usr/src # make installworld ERROR: Required audit group is missing, see /usr/src/UPDATING. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. /usr/src # grep audit /usr/src/UPDATING /usr/src # ??? -- - Alfred Perlstein - CTO Okcupid.com / FreeBSD Hacker / All that jazz -

Hi, After configuring systemd unit with ReadWritePaths=/home/mail, I get the following error logs in audit: type=AVC msg=audit(1586604621.637:6736): avc: denied { write } for pid=12750 comm="imap" name="Maildir" dev="dm-3" ino=438370738 scontext=system_u:system_r:dovecot_t:s0 tcontext=unconfined_u:object_r:etc_runtime_t:s0 tclass=dir permissive=0 type=SYSCALL

...6.1? Or only for 6.2 or later? > > is there a website about all this stuff? "What's it for?" I'm sure I promised to answer exactly that question in my followup e-mail once the integration is done. :-) The quick answer is that this is an implementation of security event auditing, as required by the Orange Book C2 and later Common Criteria CAPP security evaluation/standard. These documents provide specifications for a set of functional requirements (and assurance requirements) regarding the behavior of operating systems with respect to security. One of the requirement...

Hi Manuel, It's been brought to my attention that my usage of the Phabricator Audit tool to track which commits have been reviewed is causing a large number of (almost) empty emails to be sent to the commit authors and anyone else added to the audit as a reviewer. Presumably there are some state change emails that we haven't blocked yet (e.g. the 'Accept commit' and 'Resign

Installed Packages Name : postfix Arch : x86_64 Epoch : 2 Version : 2.6.6 Release : 6.el6_5 Size : 9.7 M Repo : installed >From repo : updates I am seeing several of these in our maillog file after a restart of the Postfix service: Apr 23 12:48:27 inet08 setroubleshoot: SELinux is preventing /usr/libexec/postfix/smtp from 'read, write'

...references to various commands (audit(8), auditd(8), praudit(8), auditreduce(8)), as well as the audit configuration files (audit_control(5), audit_user(5), etc). Remember that audit support in 6.2-RELEASE will be considered experimental, and has a number of known limitations (such as not fully auditing all non-native FreeBSD system call interfaces, and not auditing all userland administrative events of interest), but it should be useful and usable enough to run on many production systems and contribute to system security. Thanks, Robert N M Watson Computer Laboratory University of Cambridge