search for: auditreduc

Author: gww Repository: /hg/zfs-crypto/gate Revision: 322cd5db41c90d74236dc0bad43d5474dbea5d85 Log message: PSARC/2005/527 - new auditreduce(1m) selection options 5071771 need sessionid option for auditreduce Files: update: usr/src/cmd/auditreduce/auditrd.h update: usr/src/cmd/auditreduce/auditrt.h update: usr/src/cmd/auditreduce/option.c update: usr/src/cmd/auditreduce/token.c

...trib/openbsm|tools/regression)' | \ xargs grep -E "\<(audit|au_)" shows, that only login(1), su(1), id(1) and sshd(1) uses audit. And even sshd(8) raise question: it doesn't call setaudit(2)! Even more, such command doesn't show anything about user login via ssh: auditreduce -m AUE_login /dev/auditpipe0 | praudit Yes, I have "lo" class enabled for all users, and, yes, auditreduce -r USER /dev/auditpipe0 | praudit shows activity after login... What do I do wrong? P.S. Maybe, here is more adequate list for BSM Audit questions? -- // Black Lion AKA...

.../openbsm/bin/auditfilterd/Makefile.in N src/contrib/openbsm/bin/auditfilterd/auditfilterd.8 N src/contrib/openbsm/bin/auditfilterd/auditfilterd.c N src/contrib/openbsm/bin/auditfilterd/auditfilterd.h N src/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c U src/contrib/openbsm/bin/auditreduce/Makefile.am U src/contrib/openbsm/bin/auditreduce/Makefile.in U src/contrib/openbsm/bin/auditreduce/auditreduce.1 U src/contrib/openbsm/bin/auditreduce/auditreduce.c U src/contrib/openbsm/bin/auditreduce/auditreduce.h U src/contrib/openbsm/bin/praudit/Makefile.am U src/contrib/op...

...md/allocate/Makefile update: usr/src/cmd/allocate/allocate.c update: usr/src/cmd/allocate/allocate.h update: usr/src/cmd/allocate/allocate3.c update: usr/src/cmd/allocate/audio_clean.c update: usr/src/cmd/allocate/mkdevalloc.c update: usr/src/cmd/auditconfig/auditconfig.c update: usr/src/cmd/auditreduce/Makefile update: usr/src/cmd/auditreduce/auditr.h update: usr/src/cmd/auditreduce/auditrd.h update: usr/src/cmd/auditreduce/auditrt.h update: usr/src/cmd/auditreduce/option.c update: usr/src/cmd/auditreduce/token.c update: usr/src/cmd/bsmconv/bsmconv.sh update: usr/src/cmd/bsmunconv/bsmunco...

Hello I have some issues with OpenBSM which i cannot resolve, so i decided to ask there. 1) I found some bugs in the auditreduce utility and created patch for it - http://www.freebsd.org/cgi/query-pr.cgi?pr=114534. Please, someone from freebsd team - take it, i think its better to fix this before next release. 2) I found that when i`m using XDM as login manager with OpenBSM, all my audit events comes with subject -1, and...

Hello, Freebsd-security. I want to create mixed audit class for ``security-sensible'' events. For example, I need to audit: exec*() syscalls from standard `pc' class, but not wait4() or fork(), because fork() is not interesting (new process image is security-sensible, not new process itself) and occurred too often and create noise. connect()/accept() from

...c/en_US.ISO8859-1/books/handbook/audit.html The man pages installed as part of recent RELENG_6 and 6.2-BETA2 are also pretty complete, and include more detailed reference information. The audit(4) man page has a good set of cross-references to various commands (audit(8), auditd(8), praudit(8), auditreduce(8)), as well as the audit configuration files (audit_control(5), audit_user(5), etc). Remember that audit support in 6.2-RELEASE will be considered experimental, and has a number of known limitations (such as not fully auditing all non-native FreeBSD system call interfaces, and not auditing al...

Greetings, I've been looking for a proper way to to track down user's activity inside the shell as I'm helping my colleague to configure a web hosting and shell hosting server. Someone have referred me to this article -- http://bsdtips.utcorp.net/mediawiki/index.php/Snoop which is using 'watch' commands to view user's activity once they logged in to the server I found