similar to: Audit handbook chapter review, call for general testing

2006 Jun 05
0
Heads up: OpenBSM 1.0a6, per-auditpipe preselection imported to CVS (fwd)
FYI for those working with audit and intrusion detection on FreeBSD. Robert N M Watson ---------- Forwarded message ---------- Date: Mon, 5 Jun 2006 17:01:04 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: current@FreeBSD.org Cc: trustedbsd-audit@TrustedBSD.org Subject: Heads up: OpenBSM 1.0a6, per-auditpipe preselection imported to CVS This is a heads up to current@ users
2011 Jun 29
1
More questions about audit
Hello, Freebsd-security. I'm grepping all sources for programs which support audit and found a strange thing: find . -name '*.c*' -print | \ grep -v -E '^./(sys|contrib/openbsm|tools/regression)' | \ xargs grep -E "\<(audit|au_)" shows that only login(1), su(1), id(1) and sshd(1) use audit. And even sshd(8) raises a question: it doesn't call
2007 Jul 14
2
OpenBSM questions
Hello, I have some issues with OpenBSM which I cannot resolve, so I decided to ask here. 1) I found some bugs in the auditreduce utility and created a patch for it - http://www.freebsd.org/cgi/query-pr.cgi?pr=114534. Please, someone from the FreeBSD team - take it, I think it's better to fix this before the next release. 2) I found that when I'm using XDM as login manager with OpenBSM, all my audit
2006 Aug 16
1
Warning: MFC of security event audit support RELENG_6 in the next 2-3 weeks
Dear 6-STABLE users, In the next 2-3 weeks, I plan to MFC support for CAPP security event auditing from 7-CURRENT to 6-STABLE. The implementation has been running quite nicely in -CURRENT for several months. Right now, I'm just waiting on a confirmation from Sun regarding formal allocation of a BSM header version number so as to avoid accidental version number conflicts in the
2006 Feb 02
0
HEADS UP: Audit integration into CVS in progress, some tree disruption (fwd)
FYI, since this is probably of interest to subscribers of this mailing list also. Robert N M Watson ---------- Forwarded message ---------- Date: Wed, 1 Feb 2006 22:55:40 +0000 (GMT) From: Robert Watson <rwatson@FreeBSD.org> To: Julian Elischer <julian@elischer.org> Cc: trustedbsd-audit@TrustedBSD.org, Kövesdán Gábor <gabor.kovesdan@t-hosting.hu>, current@freebsd.org
2005 May 01
0
FYI: TrustedBSD at BSDCan (fwd)
FYI for those attending BSDCan and interested in some of the security feature development going on for FreeBSD right now... Robert N M Watson ---------- Forwarded message ---------- Date: Thu, 28 Apr 2005 21:39:31 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: trustedbsd-discuss@TrustedBSD.org Subject: FYI: TrustedBSD at BSDCan Mentioned in an earlier e-mail, but here it is
2007 Feb 08
1
audit problems
Hi! I'm experiencing some problems configuring audit on a 6.2-RELEASE system. It doesn't seem to log anything except login messages. The only thing I've modified in the config is the root user specification in audit_users. Now it looks like this: root:lo,ex,fw,fc:no However, neither ex, nor fw, nor fc messages get into the log. Furthermore, deleting lo from audit_users and
2006 Sep 20
2
Status of MFC security event audit support in RELENG_6?
A few weeks back Robert Watson announced the merge of these features from 7 back into 6-STABLE. I hadn't seen any updates and was curious as to the status. Us 6-STABLE users are curious to test it out. Thanks. --A
2006 Oct 31
0
PSARC/2002/762 Layered Trusted Solaris
Author: jpk Repository: /hg/zfs-crypto/gate Revision: e7e07b2f4fcfbe725493f4074f9e9f0d8bfd8e1c Log message: PSARC/2002/762 Layered Trusted Solaris PSARC/2005/060 TSNET: Trusted Networking with Security Labels PSARC/2005/259 Layered Trusted Solaris Label Interfaces PSARC/2005/573 Solaris Trusted Extensions for Printing PSARC/2005/691 Trusted Extensions for Device Allocation PSARC/2005/723 Solaris
2013 Jan 06
2
audit events confusion
On a rather full customer web server, I am trying to track down whose web site script is trying to make outbound network connections when they should not be. In /etc/security/audit_control, I added to the flags line dir:/var/audit flags:lo,aa,-nt minfree:5 to log failed network connections. When I try and make an outbound connection to something that is blocked in pf, it seems to sometimes work.
2006 Oct 31
0
PSARC/2005/527 - new auditreduce(1m) selection options
Author: gww Repository: /hg/zfs-crypto/gate Revision: 322cd5db41c90d74236dc0bad43d5474dbea5d85 Log message: PSARC/2005/527 - new auditreduce(1m) selection options 5071771 need sessionid option for auditreduce Files: update: usr/src/cmd/auditreduce/auditrd.h update: usr/src/cmd/auditreduce/auditrt.h update: usr/src/cmd/auditreduce/option.c update: usr/src/cmd/auditreduce/token.c
2007 Sep 29
0
Why are most audit events apparently non-attributable?
So I'm exploring AUDIT and have this in /etc/security/audit_control: dir:/var/audit flags:lo,fd minfree:20 naflags:lo policy:cnt filesz:0 I tell auditd to reread the config file with audit -s but no file deletion events are logged. I change the config file to: dir:/var/audit flags:lo minfree:20 naflags:lo,fd policy:cnt filesz:0 I type audit -s and am immediately flooded with 20 kilobytes
2007 Sep 29
0
Why are audit events apparently non-attributable?
So I'm exploring AUDIT and have this in /etc/security/audit_control: dir:/var/audit flags:lo,fd minfree:20 naflags:lo policy:cnt filesz:0 I tell auditd to reread the config file with audit -s but no file deletion events are logged. I change the config file to: dir:/var/audit flags:lo minfree:20 naflags:lo,fd policy:cnt filesz:0 I type audit -s and am immediately flooded with 20 kilobytes
2008 Jan 01
3
Tracking user's activity
Greetings, I've been looking for a proper way to track down users' activity inside the shell as I'm helping my colleague to configure a web hosting and shell hosting server. Someone has referred me to this article -- http://bsdtips.utcorp.net/mediawiki/index.php/Snoop which is using 'watch' commands to view users' activity once they have logged in to the server I found
2006 Sep 14
6
sshd audit not happy with ssh1 and scp
I think I've found a bug with sshd handling audit events for commands (like scp) over ssh1 connections. Specifically, after updating to a recent FreeBSD 6.x with audit support, I'm getting log messages like these when using scp over ssh1: Sep 12 14:13:16 <auth.info> bm55 sshd[12335]: Accepted rsa for xxx from A.B.C.D port 2981 Sep 12 14:13:16 <auth.crit> bm55 sshd[12335]:
2014 Dec 04
3
Adding Solaris Audit to sshd (and sftp-server)
Hi Damien, I'm working with the Solaris team that is integrating openssh into upcoming Solaris releases. I'm looking for advice from the upstream community. You were suggested for that advice. If there are other mailing lists you'd like me to ask, I'm happy to do so, or if you'd like to forward, please feel free to do so. The --with-audit=bsm (audit-bsm.c) configuration
2005 Jun 10
2
[Kerberos] Error at Handbook?
Hi! I'm quite new to the list, but searching the archive and PRs didn't show me anything on the matter. According to the FreeBSD Handbook (14.8.2 Setting up a Heimdal KDC) one should configure the DNS server by adding: ----- _kerberos IN TXT EXAMPLE.ORG. ----- This doesn't work. The DNS server returns: text = "EXAMPLE.ORG.". This is right, because RFC 1035 allows up to
2008 Sep 25
1
Missing /dev/auditpipe
Hello, Running RELENG_7 (and HEAD too), and I can't find the auditpipe device. Is there anything which should be set in order to make it useable? auditd runs and logs to /var/audit, which I can read with praudit. Thanks,
2000 Dec 17
2
Portable OpenSSH Solaris UseLogin Issue
Greetings, In order to use Solaris's BSM (Basic Security Module), also called C2 audit, which logs specific kernel calls depending on your audit_control, I would need to use login(1) to log users' exec calls and whatnot because Portable OpenSSH does not have <bsm/audit.h> support. Now that would mean I would have to enable UseLogin in sshd_config in order for that to work. I am running