similar to: Why are most audit events apparently non-attributable?

Displaying 20 results from an estimated 700 matches similar to: "Why are most audit events apparently non-attributable?"

2007 Sep 29
0
Why are audit events apparently non-attributable?
So I'm exploring AUDIT and have this in /etc/security/audit_control: dir:/var/audit flags:lo,fd minfree:20 naflags:lo policy:cnt filesz:0 I tell auditd to reread the config file with audit -s but no file deletion events are logged. I change the config file to: dir:/var/audit flags:lo minfree:20 naflags:lo,fd policy:cnt filesz:0 I type audit -s and am immediately flooded with 20 kilobytes
2013 Jan 06
2
audit events confusion
On a rather full customer web server, I am trying to track down whose web site script is trying to make outbound network connections when they should not be. In /etc/security/audit_control, I added to the flags line dir:/var/audit flags:lo,aa,-nt minfree:5 to log failed network connection. When I try and make an outbound connection to something that is blocked in pf, it seems to sometimes work.
2006 Jun 05
0
Heads up: OpenBSM 1.0a6, per-auditpipe preselection imported to CVS (fwd)
FYI for those working with audit and intrusion detection on FreeBSD. Robert N M Watson ---------- Forwarded message ---------- Date: Mon, 5 Jun 2006 17:01:04 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: current@FreeBSD.org Cc: trustedbsd-audit@TrustedBSD.org Subject: Heads up: OpenBSM 1.0a6, per-auditpipe preselection imported to CVS This is a heads up to current@ users
2005 Sep 30
2
klibc loader crash...
Hi all, I've a simple program called empty.c :) $ cat empty.c int main(int argc, char* argv[]) { return 0; } $ cat empty410.s .file "empty.c" .text .p2align 4,,15 .globl main .type main, @function main: xorl %eax, %eax ret .size main, .-main .ident "GCC: (GNU) 4.1.0 20050922 (experimental)"
2020 Feb 25
0
Latest kernel reports "process '/bin/sh' started with executable stack"
On Thu, Feb 06, 2020 at 04:38:34PM +0100, Christophe Leroy wrote: > With latest kernel (Linus tree as of 5.6 merge window), I get the following > warning in the kernel 'dmesg': > > [ 5.746588] process '/bin/sh' started with executable stack > > This comes from commit
2008 Jan 01
3
Tracking user's activity
Greetings, I've been looking for a proper way to track down user's activity inside the shell as I'm helping my colleague to configure a web hosting and shell hosting server. Someone has referred me to this article -- http://bsdtips.utcorp.net/mediawiki/index.php/Snoop which is using 'watch' commands to view user's activity once they logged in to the server I found
2020 Feb 06
4
Latest kernel reports "process '/bin/sh' started with executable stack"
With latest kernel (Linus tree as of 5.6 merge window), I get the following warning in the kernel 'dmesg': [ 5.746588] process '/bin/sh' started with executable stack This comes from commit https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/exec.c?id=47a2ebb7f5053387f5753b524f4920b9b829f922 "execve: warn if process starts with executable
2005 Mar 06
1
testers sought for script to interpret ELF/klibc executables
Here's a small test program to find out where a klibc executable expects its shared library (or interpreter to be precise) to be. It should work regardless of 32/64 bit, little- or big-endian, but only on native executables. If you have access to a 64-bit or big endian machine, I would appreciate feedback on whether it produces correct answers on your machine. To run the test, cut the
2007 Feb 08
1
audit problems
Hi! I'm experiencing some problems configuring audit on 6.2-RELEASE system. It doesn't seem to log anything except login messages. The only thing I've modified in config is the root user specification in audit_users. Now it looks like this: root:lo,ex,fw,fc:no However neither ex, nor fw or fc messages get into the log. Furthermore, deleting lo from audit_users and
2000 Dec 17
2
Portable OpenSSH Solaris UseLogin Issue
Greetings, In order to use solaris's BSM (Basic security module) also called c2 audit, which logs specific kernel calls depending on your audit_control, I would need to use login(1) to log users exec calls and whatnot because Portable OpenSSH does not have <bsm/audit.h> support, now that would mean I would have to enable Uselogin in sshd_config in order for that to work. I am running
2004 Aug 06
0
Re: [icecast-dev] Hot Topic: Icecast in MacromediaFlash
Hi Dave, I remember I read your post, but when I read it, nobody had answered you yet. Thank you very much for the script, it seems to be more complete than mine. I am new to php, to create a script, I usually edit it in notepad and save it as *.php. How can I compile the script '--with-sockets' under windows? Thanks again MAX ________________________________________ From:
2006 May 26
3
FreeBSD boot loader on VT-x based Xen system
Folks -- I'm trying to run FreeBSD 6.0 on a VT-x based Xen system. I'm experiencing a problem where the boot loader is crashing before the FreeBSD kernel (proper) is loaded. The sequence of operations is that the VMX domain is constructed, the BIOS is executed, GRUB loads, I type the instructions to load FreeBSD (a boot loader) and that code begins to execute and then
2006 Oct 02
0
Audit handbook chapter review, call for general testing
Dear All, Over the past week or so, I have spent some time updating Tom Rhodes' excellent FreeBSD Handbook chapter on Audit for some of the more recent audit changes, such as new features in more recent OpenBSM versions. Since FreeBSD 6.2-BETA2 contains what is likely the final drop of the audit code (modulo any bug fixes) for 6.2-RELEASE, now would be a great time for people interested
2004 Aug 06
2
Re: [icecast-dev] Hot Topic: Icecast in MacromediaFlash
Here is some code I wrote to send a mp3 file to a shoutcast server, with a little modification I'm sure you could change it and use it to connect to icecast2 and write various things etc... not sure but here it is ------------------------------------------------------ <?php $port = '8000'; $ip = '127.0.0.1'; $fileplay = './whatever.mp3'; $password = 'changme'
2004 Aug 06
1
Re: [icecast-dev] Hot Topic: Icecast in MacromediaFlash
Under windows all you need to do is edit your php.ini file under C:\WINDOWS\ (xp) or C:\WINNT (2000) Look for the following lines ;;;;;;;;;;;;;;;;;;;;;; ; Dynamic Extensions ; ;;;;;;;;;;;;;;;;;;;;;; then find ;extension=php_shmop.dll extension=php_sockets.dll ;extension=php_sybase_ct.dll ;extension=php_tokenizer.dll make sure sockets is uncommented you will also need to set the path you
2005 Jun 11
3
swapinfo.d
G'Day Folks, Check out this DTrace script, # ./swapinfo.d RAM _______Total 511 Mb RAM Unusable 8 Mb RAM Kernel 96 Mb RAM Locked 0 Mb RAM Used 318 Mb RAM Avail 88 Mb Disk _______Total 1023 Mb Disk Used 9 Mb Disk Avail 1014 Mb Swap _______Total 1367 Mb Swap Used 327
1999 Oct 13
1
formatReal()-bug (or Is there anybody out there w/o IEEE754?)
On a system with IEEE_754 undefined, I run into a bug, when the value of an element of the first argument (e.g., x[0]) of formatReal() is NA: 1. (format.c:235) if (!R_FINITE ..) gives nanflag=1 (!naflag remains 0) 2. (format.c:272..288) *m gets a value of -2147483643 (from the format fiddling, should not matter to us) 3. (format.c:289) because naflag is zero, m does not
2010 Oct 19
5
For-loop dummy variables?
Hi everyone, I've got a dataset with 12,000 observations. One of the variables (cleary$D1) is for an individual's country, coded 1 - 15. I'd like to create a dummy variable for the Baltic states which are coded 4,6, and 7. In other words, as a dummy variable Baltic states would be coded 1, else 0. I've attempted the following for loop: dummy <- matrix(NA, nrow=nrow(cleary),
2007 Apr 25
0
attributable risk
Hi everybody, Does anyone know a function to compute the attributable risk of a factor in a logistic regression or a proportional hazard cox model (both with confounding variables)? I need also obtain the confidence interval. Thanks in advance. Isaac Subirana. -------- The information contained in this message and in any attached file is confidential, private and for the exclusive use
2007 Apr 30
3
disk image creation, step by step
Hi, I am aware that it is impossible to netboot ISO files through pxelinux/memdisk and that there are multiple reasons for not even attempting it (like the operating system which will try to access a physical optical drive through its own drivers anyway, BIOS issues etc.). When people ask questions regarding ISO support in pxelinux/memdisk, they're mostly told to convert the ISO into a