similar to: Status of MFC security event audit support in RELENG_6?

Dear 6-STABLE users, In the next 2-3 weeks, I plan to MFC support for CAPP security eventing auditing from 7-CURRENT to 6-STABLE. The implementation has been running quite nicely in -CURRENT for several months. Right now, I'm just waiting on a confirmation from Sun regarding formal allocation of a BSM header version number so as to avoid accidental version number conflicts in the

Dear 6-STABLE users, In the next 2-3 weeks, I plan to MFC support for CAPP security eventing auditing from 7-CURRENT to 6-STABLE. The implementation has been running quite nicely in -CURRENT for several months. Right now, I'm just waiting on a confirmation from Sun regarding formal allocation of a BSM header version number so as to avoid accidental version number conflicts in the

Hi! I'm experiencing some problems configuring audit on 6.2-RELEASE system. It doesn't seem to log anything except login messages. The only thing I've modified in config is the root user specification in audit_users. Now it looks like this: root:lo,ex,fw,fc:no However nor ex, non fw or fc messages doesn't get into the log. Furthermore, deleting lo from audit_users and

I would like to request that some useful work on networking be MFCed from -CURRENT to -STABLE in time for the release of FreeBSD 6.3. In particular, I'd like to see some of the Netgraph nodes which are new or which have seen extensive development brought in -- ng_nat and ng_car in particular. Bringing in the latest version of ng_nat would allow more flexible in-kernel NAT, while ng_car (which

I think I've found a bug with sshd handling audit events for commands (like scp) over ssh1 connections. Specifically, after updating to a recent FreeBSD 6.x with audit support, I'm getting log messages like these when using scp over ssh1: Sep 12 14:13:16 <auth.info> bm55 sshd[12335]: Accepted rsa for xxx from A.B.C.D port 2981 Sep 12 14:13:16 <auth.crit> bm55 sshd[12335]:

Dear All, Over the past week or so, I have spent some time updating Tom Rhodes' excellent FreeBSD Handbook chapter on Audit for some of the more recent audit changes, such as new features in more recent OpenBSM versions. Since FreeBSD 6.2-BETA2 contains what is likely the final drop of the audit code (modulo any bug fixes) for 6.2-RELEASE, now would be a great time for people interested

Hello I have some issues with OpenBSM which i cannot resolve, so i decided to ask there. 1) I found some bugs in the auditreduce utility and created patch for it - http://www.freebsd.org/cgi/query-pr.cgi?pr=114534. Please, someone from freebsd team - take it, i think its better to fix this before next release. 2) I found that when i`m using XDM as login manager with OpenBSM, all my audit

TB --- 2008-06-03 08:42:30 - tinderbox 2.3 running on freebsd-legacy.sentex.ca TB --- 2008-06-03 08:42:30 - starting RELENG_6 tinderbox run for i386/i386 TB --- 2008-06-03 08:42:30 - cleaning the object tree TB --- 2008-06-03 08:43:09 - cvsupping the source tree TB --- 2008-06-03 08:43:09 - /usr/bin/csup -r 3 -g -L 1 -h localhost -s /tinderbox/RELENG_6/i386/i386/supfile TB --- 2008-06-03 08:43:22

Hi, there's a regression going from 6.2 to 6.3, where it will panic upon booting the kernel within vm_fault. This problem has been discussed before, but I'm seeing it reliably on a RELENG_6 checkout from 5th of May. It affects multiple (but identical) systems, here's an verbose boot leading to the panic. Please note that 6.2 was running fine on these machines, they also boot

Hi, I found that ypwhich -m does not work on 6.1-RC, it shows ypwhich: can't find the master of `?`: reason: No such map in server's domain IIRC, there was a commit last year to fix this. After some search, I think it is include/rpcsvc/yp_prot.h revision 1.13 done by peter@ (CC'ed). As far as I can tell, ypwhich -m is also broken on 5.4 and 5.5-PRERELEASE. I have tested that

I'm curious about the estimated EoL date on 6.2-RELEASE. Current estimate is listed as Jan 31 2008. That's just about 5 months away now. Suggestions for those who are about to be EoL'ed? Thanks.

On a rather full customer web server, I am trying to track down whose web site script is trying to make outbound network connections when they should not be. In /etc/security/audit_control, I added to the flags line dir:/var/audit flags:lo,aa,-nt minfree:5 to log failed network connection. When I try an make an outbound connection to something that is blocked in pf, it seems to sometimes work.

Hi, I'm using a recent RELENG_6 under I386/SMP (Athlon X2 4800+). dmesg output is under http://people.freebsd.org/~mr/dmesg.log.gz Root is on gmirror volume (2 SATA disks), a backup FS is on graid3 (5 firewire disks). This server acts as an bacula server. During backup with bacula I discovered an complete system freeze (no keyboard, nfs, disk...) after the following lines on the screen: ...

FYI for those working with audit and intrusion detection on FreeBSD. Robert N M Watson ---------- Forwarded message ---------- Date: Mon, 5 Jun 2006 17:01:04 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: current@FreeBSD.org Cc: trustedbsd-audit@TrustedBSD.org Subject: Heads up: OpenBSM 1.0a6, per-auditpipe preselection imported to CVS This is a heads up to current@ users

http://www.isc.org/sw/bind/view/?release=9.3.4 SECURITY ADVISORIES * CVE-2006-4095 CERT Vulnerability Note VU#915404 NISCC 172003 * CVE-2006-4096 CERT Vulnerability Note VU#697164 NISCC 172003 * CAN-2005-0034 NISCC-UNIRAS 20050125-00059 CERT Vulnerability Note VU#938617 [ODiP] == Dmitry Grigorovich

FYI, since this is probably of interest to subscribers of this mailing list also. Robert N M Watson ---------- Forwarded message ---------- Date: Wed, 1 Feb 2006 22:55:40 +0000 (GMT) From: Robert Watson <rwatson@FreeBSD.org> To: Julian Elischer <julian@elischer.org> Cc: trustedbsd-audit@TrustedBSD.org, K?vesd?n G?bor <gabor.kovesdan@t-hosting.hu>, current@freebsd.org

Hello, I have recently updated a machine to 7-stable. ACPI doesn't seem to work correctly on this machine. With earlier versions of FreeBSD (including the latest RELENG_6), I got this line in dmesg: ACPI disabled by blacklist. Contact your BIOS vendor. And everything was fine. The box runs perfectly well with ACPI disabled. (I can't get a BIOS update because the mainboard is too

Greetings, In order to use solaris's BSM (Basic security module) also called c2 audit, which logs specific kernel calls depending on your audit_control, I would need to use login(1) to log users exec calls and whatnot because Portable OpenSSH does not have <bsm/audit.h> support, now that would mean I would have to enable Uselogin in sshd_config in order for that to work. I am running

TB --- 2008-06-03 09:06:24 - tinderbox 2.3 running on freebsd-legacy.sentex.ca TB --- 2008-06-03 09:06:24 - starting RELENG_6 tinderbox run for sparc64/sparc64 TB --- 2008-06-03 09:06:24 - cleaning the object tree TB --- 2008-06-03 09:06:55 - cvsupping the source tree TB --- 2008-06-03 09:06:55 - /usr/bin/csup -r 3 -g -L 1 -h localhost -s /tinderbox/RELENG_6/sparc64/sparc64/supfile TB ---

> John Freeman wrote: > >> Same problem on AMD64 build. I'm too lazy to attach full text, this >> system doesn't use bind and jail. > > What branch are you tracking? > > Doug > 6.2 STABLE (RELENG_6 latest cvs) amd64 -