search for: audits

Hi All, I'm trying a remote backup for the first time. It is between two laptops, I installed rsync 3.0.7 on both compiled patch -p1 <patches/fileflags.diff patch -p1 <patches/crtimes.diff patch -p1 <patches/crtimes-64bit.diff patch -p1 <patches/crtimes-hfs+.dif f patch -p1 <patches/hfs_compression.diff ./configure make this all works perfectly for local backups, clones

Hi, I have been battling something for a good hour and a half and finally realized how to ''solve'' the issue but I am very confused as of why I should do what I just did. I have 2 classes: class User has_many :audits ... end class Audit belongs_to :user ... end The way things need to work is to first create an audit and after the audit is created a user that has access to the audit gets created. This has to work this way and not the other way around. I have been testing my code in the console with the...

Hi, on a CentOS 6.4-workstation we have the problem, that Xorg fills up /var/log/Xorg.0.log with AUDIT messages faster than one can read. Within four hours the logfile grew to 160 MB and usually within 1-2 days applications and sometimes the OS crash because /var becomes full. Here a small extract of /var/log/Xorg.0.log: [...] [ 24272.458] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28

Hi, I?ve posted this before but no one was able to help. I can?t figure out what they are trying to do, and if I should be concerned. I am running dovecot version 0.99.14 on Fedora Core 4. It appears that my dovecot server is under attack. This morning in my system e-mail I saw this: dovecot: Authentication Failures: rhost= : 23431 Time(s)

Dear 6-STABLE users, In the next 2-3 weeks, I plan to MFC support for CAPP security eventing auditing from 7-CURRENT to 6-STABLE. The implementation has been running quite nicely in -CURRENT for several months. Right now, I'm just waiting on a confirmation from Sun regarding formal allocation of a BSM header version number so as to avoid accidental version number conflicts in the

Dear 6-STABLE users, In the next 2-3 weeks, I plan to MFC support for CAPP security eventing auditing from 7-CURRENT to 6-STABLE. The implementation has been running quite nicely in -CURRENT for several months. Right now, I'm just waiting on a confirmation from Sun regarding formal allocation of a BSM header version number so as to avoid accidental version number conflicts in the

Assume the following question is in regards to Puppet 3.3.2. So my question is in relation to audit. file { ''/some/random/path/through/the/tree/to/a/file'': owner => ''luke'', group => ''rebelalliance'', mode => ''0444'', audit => all } And more specifically: will the named file be force-owned to luke with the

Rowland, Thank you for all your help, I agree that this is not a Samba issue. Given rhat it works without the firewall. It' either a ufw or Windows 8.1 issue. Louis, Applied the rules you suggested to ufw exactly as written. No change. Still cannot connect with firewall enabled. Same error mesage as before "Cannot mount location ...". ufw log set to medium and copied below.

Any ideas why a vfs module loads successfully then can't be found? [2005/01/30 03:52:08, 5] lib/util_seaccess.c:se_access_check(309) se_access_check: access (2) granted. [2005/01/30 03:52:08, 3] smbd/vfs.c:vfs_init_default(203) Initialising default vfs hooks [2005/01/30 03:52:08, 3] smbd/vfs.c:vfs_init_custom(229) Initialising custom vfs hooks from [/usr/lib/samba/vfs/audit.so]

Hello, On some machines being managed by Puppet I would like to perform targetted audit runs with "puppet -t --noop --tags audit" For better or for worse I am trying to do this with a separate module "audit" rather than add the audit => to the resources and use inheritence. i.e. class audit::resolver inherits resolver::config { notify{"Running audit on

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 11/04/2020 15:47 Alex JOST < <a href="mailto:jost+lists@dimejo.at">jost+lists@dimejo.at</a>> wrote: </div> <div>

Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot Dates: October 2016 - January 2017 dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53. The team found the following problems: ? 3 Low The Cure53

Im trying to identify how ssh 4.5 interacts with the audit subsystem within AIX 5.3. i get an event when a user logs in, but not when they exit via ssh. i can get it to work with telnet, however. It would seem to me that if an event is captured from the login, that the same would be true for the logout. I've opened a PMR w/IBM, but not getting very much help. below is an example of my

FYI for those working with audit and intrusion detection on FreeBSD. Robert N M Watson ---------- Forwarded message ---------- Date: Mon, 5 Jun 2006 17:01:04 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: current@FreeBSD.org Cc: trustedbsd-audit@TrustedBSD.org Subject: Heads up: OpenBSM 1.0a6, per-auditpipe preselection imported to CVS This is a heads up to current@ users

mmmm... stable... :D /usr/src # make installworld ERROR: Required audit group is missing, see /usr/src/UPDATING. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. /usr/src # grep audit /usr/src/UPDATING /usr/src # ??? -- - Alfred Perlstein - CTO Okcupid.com / FreeBSD Hacker / All that jazz -

Hi, After configuring systemd unit with ReadWritePaths=/home/mail, I get the following error logs in audit: type=AVC msg=audit(1586604621.637:6736): avc: denied { write } for pid=12750 comm="imap" name="Maildir" dev="dm-3" ino=438370738 scontext=system_u:system_r:dovecot_t:s0 tcontext=unconfined_u:object_r:etc_runtime_t:s0 tclass=dir permissive=0 type=SYSCALL

FYI, since this is probably of interest to subscribers of this mailing list also. Robert N M Watson ---------- Forwarded message ---------- Date: Wed, 1 Feb 2006 22:55:40 +0000 (GMT) From: Robert Watson <rwatson@FreeBSD.org> To: Julian Elischer <julian@elischer.org> Cc: trustedbsd-audit@TrustedBSD.org, K?vesd?n G?bor <gabor.kovesdan@t-hosting.hu>, current@freebsd.org

Hi Manuel, It's been brought to my attention that my usage of the Phabricator Audit tool to track which commits have been reviewed is causing a large number of (almost) empty emails to be sent to the commit authors and anyone else added to the audit as a reviewer. Presumably there are some state change emails that we haven't blocked yet (e.g. the 'Accept commit' and 'Resign

Installed Packages Name : postfix Arch : x86_64 Epoch : 2 Version : 2.6.6 Release : 6.el6_5 Size : 9.7 M Repo : installed >From repo : updates I am seeing several of these in our maillog file after a restart of the Postfix service: Apr 23 12:48:27 inet08 setroubleshoot: SELinux is preventing /usr/libexec/postfix/smtp from 'read, write'

Dear All, Over the past week or so, I have spent some time updating Tom Rhodes' excellent FreeBSD Handbook chapter on Audit for some of the more recent audit changes, such as new features in more recent OpenBSM versions. Since FreeBSD 6.2-BETA2 contains what is likely the final drop of the audit code (modulo any bug fixes) for 6.2-RELEASE, now would be a great time for people interested