On 03/02/12 18:17, George Mamalakis wrote:
> Ah!
>
> And one more thing with respect to this issue. Since I realized that
> probably I won't be able to run audit within a jail, I tried to
> continue with my work from outside the jail. What I need is to audit
> some system users (like www) inside my jails and do stuff with their
> audit trails. In order to be able to audit www's actions, I downloaded
> setaudit from http://www.freebsd.org/~csjp/setaudit.c which allows
> this functionality. setaudit works fine from outside my jails, but
> when I run it from within a jail, I get the following error again:
>
> [root@in-jail] # setaudit -awww -mfr /bin/ls
> setaudit: setaudit_addr: Function not implemented
>
> Is there, at least, some
> easy/secure/not-whole-system-configuration-changing way to start
> apache from within a jail to be able to audit his actions from outside
> the jail?
>
> Thank you all in advance, once more.
>
OK, found it!
I am running:
[root@out-of-jail] setaudit -awww -m fr,fw,fa,fm,fc,fd,cl jexec 6
/usr/local/bin/sudo -u www /usr/local/sbin/apachectl startssl
from outside the jails and it works like a charm! Nasty, but at least
it's working...
Thank you all anyway!
--
George Mamalakis
IT and Security Officer
Electrical and Computer Engineer (Aristotle Un. of Thessaloniki),
MSc (Imperial College of London)
Department of Electrical and Computer Engineering
Faculty of Engineering
Aristotle University of Thessaloniki
phone number : +30 (2310) 994379
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 2 之 2 篇):