Displaying 12 results from an estimated 12 matches for "praudit".

2011 Jun 29
1
More questions about audit
...xargs grep -E "\<(audit|au_)" shows that only login(1), su(1), id(1) and sshd(1) use audit. And even sshd(8) raises a question: it doesn't call setaudit(2)! Even more, such a command doesn't show anything about user login via ssh: auditreduce -m AUE_login /dev/auditpipe0 | praudit Yes, I have "lo" class enabled for all users, and, yes, auditreduce -r USER /dev/auditpipe0 | praudit shows activity after login... What do I do wrong? P.S. Maybe, here is more adequate list for BSM Audit questions? -- // Black Lion AKA Lev Serebryakov <lev@FreeBSD.org>
2006 Jun 05
0
Heads up: OpenBSM 1.0a6, per-auditpipe preselection imported to CVS (fwd)
...U src/contrib/openbsm/bin/auditreduce/Makefile.am U src/contrib/openbsm/bin/auditreduce/Makefile.in U src/contrib/openbsm/bin/auditreduce/auditreduce.1 U src/contrib/openbsm/bin/auditreduce/auditreduce.c U src/contrib/openbsm/bin/auditreduce/auditreduce.h U src/contrib/openbsm/bin/praudit/Makefile.am U src/contrib/openbsm/bin/praudit/Makefile.in U src/contrib/openbsm/bin/praudit/praudit.1 U src/contrib/openbsm/bin/praudit/praudit.c U src/contrib/openbsm/bsm/Makefile.am U src/contrib/openbsm/bsm/Makefile.in U src/contrib/openbsm/bsm/audit.h N src/contrib/openbsm/...
2008 Sep 25
1
Missing /dev/auditpipe
Hello, Running RELENG_7 (and HEAD too), and I can't find the auditpipe device. Is there anything which should be set in order to make it useable? auditd runs and logs to /var/audit, which I can read with praudit. Thanks,
2006 Oct 31
0
PSARC/2002/762 Layered Trusted Solaris
...tel/ia32/genunix/Makefile update: usr/src/cmd/mdb/sparc/v9/genunix/Makefile update: usr/src/cmd/netfiles/nsswitch.dns update: usr/src/cmd/netfiles/nsswitch.files update: usr/src/cmd/netfiles/nsswitch.ldap update: usr/src/cmd/nscd/server.c update: usr/src/cmd/nscd/svc-nscd update: usr/src/cmd/praudit/Makefile update: usr/src/cmd/praudit/token.c update: usr/src/cmd/praudit/toktable.c update: usr/src/cmd/praudit/toktable.h update: usr/src/cmd/print/gateway/adaptor.c update: usr/src/cmd/print/gateway/adaptor.h update: usr/src/cmd/print/gateway/main.c update: usr/src/cmd/ptools/ppriv/ppriv.c...
2006 Oct 02
0
Audit handbook chapter review, call for general testing
...eebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html The man pages installed as part of recent RELENG_6 and 6.2-BETA2 are also pretty complete, and include more detailed reference information. The audit(4) man page has a good set of cross-references to various commands (audit(8), auditd(8), praudit(8), auditreduce(8)), as well as the audit configuration files (audit_control(5), audit_user(5), etc). Remember that audit support in 6.2-RELEASE will be considered experimental, and has a number of known limitations (such as not fully auditing all non-native FreeBSD system call interfaces, and...
2006 Sep 20
2
Status of MFC security event audit support in RELENG_6?
A few weeks back Robert Watson announced the merge of these features from 7 back into 6-STABLE. I hadn't seen any updates and was curious as to the status. Us 6-STABLE users are curious to test it out. Thanks. --A
2013 Jan 06
2
audit events confusion
...ms to sometimes work. eg. from the command line, if I manually try via telnet 8.8.8.8 25 pf shows 17:03:23.572682 rule 433/0(match): block out on em0: 64.7.x.x.17017 > 8.8.8.8.25: Flags [S], seq 1420411574, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS val 177061484 ecr 0], length 0 and praudit records it as expected including the userid who tried to do it. header,79,11,connect(2),0,Sun Jan 6 17:06:04 2013, + 439 msec,argument,1,0x3,fd,subject,tw,tw,tw,tw,tw,54100,54064,13556,64.7.yy.yy,return,failure : Operation not permitted,4294967295,trailer,79, But if I make a simple php script t...
2005 Jan 24
15
[Bug 125] add BSM audit support
http://bugzilla.mindrot.org/show_bug.cgi?id=125 alex.bell at bt.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |alex.bell at bt.com ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the
2014 Dec 04
3
Adding Solaris Audit to sshd (and sftp-server)
...urity Module prior to Solaris 11), and "solaris" ! (Sun's Audit infrastructure from Solaris 11) are supported. README.platform =============== ! Solaris ! ------- ! Prior to Solaris 11 ! ------------------- If you enable BSM auditing on Solaris, you need to update audit_event(4) for praudit(1m) to give sensible output. The following line needs to be added to /etc/security/audit_event: 32800:AUE_openssh:OpenSSH login:lo The BSM audit event range available for third party TCB applications is 32768 - 65535. Event number 32800 has been choosen for AUE_openssh. There is no off...
2008 Jan 01
3
Tracking user's activity
Greetings, I've been looking for a proper way to track down user's activity inside the shell as I'm helping my colleague to configure a web hosting and shell hosting server. Someone has referred me to this article -- http://bsdtips.utcorp.net/mediawiki/index.php/Snoop which is using 'watch' commands to view user's activity once they logged in to the server I found
2016 Nov 14
0
FreeBSD Quarterly Status Report - Third Quarter 2016
...* write Additional Capsicum changes are in review: * b64decode, b64encode, uudecode, uuencode * brandelf * dma-mbox-create * elf2aout * file * head * hexdump * iconv * ident * jot * ktrdump * lam * last * ministat * praudit * strings An additional syscall (getdtablesize) and additional sysctls (kern.proc.nfds, kern.hostname, etc.) are now permitted in capability mode. Capability rights are now propagated to child descriptors on accept(2). Capsicum is now enabled in the 32-bit compatibility sysca...
2016 Nov 14
0
FreeBSD Quarterly Status Report - Third Quarter 2016
...* write Additional Capsicum changes are in review: * b64decode, b64encode, uudecode, uuencode * brandelf * dma-mbox-create * elf2aout * file * head * hexdump * iconv * ident * jot * ktrdump * lam * last * ministat * praudit * strings An additional syscall (getdtablesize) and additional sysctls (kern.proc.nfds, kern.hostname, etc.) are now permitted in capability mode. Capability rights are now propagated to child descriptors on accept(2). Capsicum is now enabled in the 32-bit compatibility sysca...