Audit(d) and jails

看板FB_security作者時間16年前 (2009/04/21 04:32), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串1/1
Hi all, I've been struggling lately to find a way to use the audit functionality in any meaningful way while using jails. My original idea was running auditd on the host, and thus get audit data for all the jails - however this proves impractical as identifying, for instance, the path of an executable inside a jail is impossible (it shows as //usr/bin/something in the logs). I have also failed to run auditd inside the jails, and doing so would somehow reduce its value - as the idea is to lock down the host and audit from there. I see there is a SOC project to make audit jail-aware, but I'm sure I've missed something in the current implementation (7.1) as well. Could anyone share their experiences on this with me - or am I on the wrong track entirely? Thanks, /Eirik _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 ltning. 的文章
文章代碼(AID): #19xDl400 (FB_security)