More questions about audit

Board: FB_security, posted 14 years ago (2011/06/30 02:01)
Hello, Freebsd-security.

I'm grepping all sources for programs which support audit, and found a strange thing:

  find . -name '*.c*' -print | \
    grep -v -E '^./(sys|contrib/openbsm|tools/regression)' | \
    xargs grep -E "\<(audit|au_)"

shows that only login(1), su(1), id(1) and sshd(1) use audit. And even sshd(8) raises a question: it doesn't call setaudit(2)!

Even more, this command doesn't show anything about user login via ssh:

  auditreduce -m AUE_login /dev/auditpipe0 | praudit

Yes, I have the "lo" class enabled for all users, and, yes,

  auditreduce -r USER /dev/auditpipe0 | praudit

shows activity after login...

What am I doing wrong?

P.S. Maybe there is a more adequate list for BSM Audit questions?

--
// Black Lion AKA Lev Serebryakov <lev@FreeBSD.org>

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Article code (AID): #1E2sXbGx (FB_security)