search for: setaudit

On a rather full customer web server, I am trying to track down whose web site script is trying to make outbound network connections when they should not be. In /etc/security/audit_control, I added to the flags line dir:/var/audit flags:lo,aa,-nt minfree:5 to log failed network connection. When I try an make an outbound connection to something that is blocked in pf, it seems to sometimes work.

http://bugzilla.mindrot.org/show_bug.cgi?id=125 alex.bell at bt.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |alex.bell at bt.com ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the

...d found strange thing: find . -name '*.c*' -print | \ grep -v -E '^./(sys|contrib/openbsm|tools/regression)' | \ xargs grep -E "\<(audit|au_)" shows, that only login(1), su(1), id(1) and sshd(1) uses audit. And even sshd(8) raise question: it doesn't call setaudit(2)! Even more, such command doesn't show anything about user login via ssh: auditreduce -m AUE_login /dev/auditpipe0 | praudit Yes, I have "lo" class enabled for all users, and, yes, auditreduce -r USER /dev/auditpipe0 | praudit shows activity after login... What do I do...

...ib/openbsm/man/audit_event.5 U src/contrib/openbsm/man/audit_user.5 U src/contrib/openbsm/man/audit_warn.5 U src/contrib/openbsm/man/auditctl.2 U src/contrib/openbsm/man/auditon.2 U src/contrib/openbsm/man/getaudit.2 U src/contrib/openbsm/man/getauid.2 U src/contrib/openbsm/man/setaudit.2 U src/contrib/openbsm/man/setauid.2 N src/contrib/openbsm/modules/Makefile.am N src/contrib/openbsm/modules/Makefile.in N src/contrib/openbsm/modules/auditfilter_noop/Makefile.am N src/contrib/openbsm/modules/auditfilter_noop/Makefile.in N src/contrib/openbsm/modules/auditfilter...