Author: sam
Date: Mar 21, 2008 01:20
Hello,
please, the following is noteworthy:
-----------------------------------------------------------------
# ls /dev
acpi auditpipe171 auditpipe248 auditpipe4 devctl
apm auditpipe172 auditpipe249 auditpipe40...
Author: Robert Watson
Date: Mar 6, 2008 08:22
On Fri, 8 Feb 2008, sam wrote:
> description of trouble situation on system FreeBSD 6.3-RELEASE i386:
>
> open 2 putty console on remote server
>
> console1: # cat /dev/auditpipe | praudit -l
>
> console2: # cat >> /var/log/audit_cat...
Author: Robert Watson
Date: Feb 27, 2008 11:37
On Thu, 21 Feb 2008, sam wrote:
> i am using OpenBSM on System with jails
>
> part of praudit output / action write file in jail
>
> --------------------------------------------------
> header,176,10,open(2) - write,creat,trunc,0,Thu Feb 21 13:45:06 2008, + 501 msec,argument,3,0x81ed,mode,argument,2,0x601,flags,path,//site/svn/dev.lineage2.dom/pamm/hooks/post-commit,attribute,755,www,www,88,800911,3234053,subject,lynx,root,wheel,root,wheel,44680,44668,56876, 10.15.1.116,return,success,4,trailer,176,
> --------------------------------------------------
>
> please add jail-identification in output (cat /dev/auditpipe | praudit -lp)
Vladimir,
I believe Christian has plans to use the Solaris "zone" BSM token to this end,
as well as plans to enhance our support for hostid header fields so that when
audit trails are aggregated from many sources, they can be processed with
awareness of which source they came from. I've added him to the CC line, and
he may be able to expand on this.
Author: sam
Date: Feb 21, 2008 04:50
hello
i am using OpenBSM on System with jails
part of praudit output / action write file in jail
--------------------------------------------------
header,176,10,open(2) - write,creat,trunc,0,Thu Feb 21 13:45:06 2008, + 501 msec,argument,3,0x81ed,mode,argument,2,0x601,flags,path,//site/svn/dev.lineage2.dom/pamm/hooks/post-commit,attribute,755,www,www,88,800911,3234053,subject,lynx,root,wheel,root,wheel,44680,44668,56876, 10.15.1.116,return,success,4,trailer,176,
--------------------------------------------------
please add jail-identification in output (cat /dev/auditpipe | praudit -lp)
/Vladimir Ermakov
_______________________________________________
freebsd-audit@ freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-audit
To unsubscribe, send any mail to "freebsd-audit-unsubscribe@ freebsd.org"
Author: sam
Date: Feb 8, 2008 04:09
sam wrote:
>
> description of trouble situation on system FreeBSD 6.3-RELEASE i386
>
>
Author: sam
Date: Feb 8, 2008 02:50
hi all
description of trouble situation on system FreeBSD 6.3-RELEASE i386:
open 2 putty console on remote server
console1:
# cat /dev/auditpipe | praudit -l
console2:
# cat >> /var/log/audit_cat.data
console1 (output message):
# cat /dev/auditpipe | praudit -l
header,168,10,open(2) - write,creat,0,Fri Feb 8 12:59:34 2008, + 309 msec,argument,3,0x1b6,mode,argument,2,0x209,flags,path,/var/log/audit_cat.data,attribute,644,root,admin,72,2732063,10952279,subject,venom,root,wheel,root,wheel,44255,41955,1647, 192.168.1.26,return,success,4,trailer,168,
after 30 seconds
console2 (cat waiting user input & user typing message & pushing
'Ctrl+d' for detach):
# cat >> /var/log/audit_cat.data
abracadabra_message
#