Displaying 8 results from an estimated 8 matches for "auditreduc".
Did you mean:
auditreduce
2006 Oct 31
0
PSARC/2005/527 - new auditreduce(1m) selection options
Author: gww
Repository: /hg/zfs-crypto/gate
Revision: 322cd5db41c90d74236dc0bad43d5474dbea5d85
Log message:
PSARC/2005/527 - new auditreduce(1m) selection options
5071771 need sessionid option for auditreduce
Files:
update: usr/src/cmd/auditreduce/auditrd.h
update: usr/src/cmd/auditreduce/auditrt.h
update: usr/src/cmd/auditreduce/option.c
update: usr/src/cmd/auditreduce/token.c
2011 Jun 29
1
More questions about audit
...trib/openbsm|tools/regression)' | \
xargs grep -E "\<(audit|au_)"
shows, that only login(1), su(1), id(1) and sshd(1) uses audit. And
even sshd(8) raise question: it doesn't call setaudit(2)!
Even more, such command doesn't show anything about user login via
ssh:
auditreduce -m AUE_login /dev/auditpipe0 | praudit
Yes, I have "lo" class enabled for all users, and, yes,
auditreduce -r USER /dev/auditpipe0 | praudit
shows activity after login...
What do I do wrong?
P.S. Maybe, here is more adequate list for BSM Audit questions?
--
// Black Lion AKA...
2006 Jun 05
0
Heads up: OpenBSM 1.0a6, per-auditpipe preselection imported to CVS (fwd)
.../openbsm/bin/auditfilterd/Makefile.in
N src/contrib/openbsm/bin/auditfilterd/auditfilterd.8
N src/contrib/openbsm/bin/auditfilterd/auditfilterd.c
N src/contrib/openbsm/bin/auditfilterd/auditfilterd.h
N src/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c
U src/contrib/openbsm/bin/auditreduce/Makefile.am
U src/contrib/openbsm/bin/auditreduce/Makefile.in
U src/contrib/openbsm/bin/auditreduce/auditreduce.1
U src/contrib/openbsm/bin/auditreduce/auditreduce.c
U src/contrib/openbsm/bin/auditreduce/auditreduce.h
U src/contrib/openbsm/bin/praudit/Makefile.am
U src/contrib/op...
2006 Oct 31
0
PSARC/2002/762 Layered Trusted Solaris
...md/allocate/Makefile
update: usr/src/cmd/allocate/allocate.c
update: usr/src/cmd/allocate/allocate.h
update: usr/src/cmd/allocate/allocate3.c
update: usr/src/cmd/allocate/audio_clean.c
update: usr/src/cmd/allocate/mkdevalloc.c
update: usr/src/cmd/auditconfig/auditconfig.c
update: usr/src/cmd/auditreduce/Makefile
update: usr/src/cmd/auditreduce/auditr.h
update: usr/src/cmd/auditreduce/auditrd.h
update: usr/src/cmd/auditreduce/auditrt.h
update: usr/src/cmd/auditreduce/option.c
update: usr/src/cmd/auditreduce/token.c
update: usr/src/cmd/bsmconv/bsmconv.sh
update: usr/src/cmd/bsmunconv/bsmunco...
2007 Jul 14
2
OpenBSM questions
Hello
I have some issues with OpenBSM which i cannot resolve, so i decided to
ask there.
1) I found some bugs in the auditreduce utility and created patch for it
- http://www.freebsd.org/cgi/query-pr.cgi?pr=114534.
Please, someone from freebsd team - take it, i think its better to fix
this before next release.
2) I found that when i`m using XDM as login manager with OpenBSM, all my
audit events comes with subject -1, and...
2011 Jun 26
1
How to add new audit class?
Hello, Freebsd-security.
I want to create mixed audit class for ``security-sensible'' events.
For example, I need to audit:
exec*() syscalls from standard `pc' class, but not wait4() or
fork(), because fork() is not interesting (new process image is
security-sensible, not new process itself) and occurred too often
and create noise.
connect()/accept() from
2006 Oct 02
0
Audit handbook chapter review, call for general testing
...c/en_US.ISO8859-1/books/handbook/audit.html
The man pages installed as part of recent RELENG_6 and 6.2-BETA2 are also
pretty complete, and include more detailed reference information. The
audit(4) man page has a good set of cross-references to various commands
(audit(8), auditd(8), praudit(8), auditreduce(8)), as well as the audit
configuration files (audit_control(5), audit_user(5), etc).
Remember that audit support in 6.2-RELEASE will be considered experimental,
and has a number of known limitations (such as not fully auditing all
non-native FreeBSD system call interfaces, and not auditing al...
2008 Jan 01
3
Tracking user's activity
Greetings,
I've been looking for a proper way to to track down user's activity
inside the shell as I'm helping my colleague to configure a web
hosting and shell hosting server.
Someone have referred me to this article --
http://bsdtips.utcorp.net/mediawiki/index.php/Snoop which is using
'watch' commands to view user's activity once they logged in to the
server
I found