Date:      Fri, 08 Feb 2008 13:22:41 +0300
From:      sam <samflanker@gmail.com>
To:        Robert Watson <rwatson@FreeBSD.org>
Cc:        trustedbsd-audit@FreeBSD.org, freebsd-audit@freebsd.org
Subject:   audit (OpenBSM) & cat
Message-ID:  <47AC2D71.1010405@gmail.com>
In-Reply-To: <20070828175313.B90180@fledge.watson.org>
References:  <46C55191.2050205@gmail.com> <20070821145603.L50579@fledge.watson.org> <46CAF217.7040204@gmail.com> <20070821151108.Y53914@fledge.watson.org> <46CAF4E9.2030700@gmail.com> <20070821152327.R53914@fledge.watson.org> <46CBE096.90805@gmail.com> <20070828175313.B90180@fledge.watson.org>

hi all

Description of the problem on a FreeBSD 6.3-RELEASE i386 system:

Open 2 PuTTY consoles on the remote server

console1:
# cat /dev/auditpipe | praudit -l

console2:
# cat >> /var/log/audit_cat.data

console1 (output message):
# cat /dev/auditpipe | praudit -l
header,168,10,open(2) - write,creat,0,Fri Feb  8 12:59:34 2008, + 309 msec,argument,3,0x1b6,mode,argument,2,0x209,flags,path,/var/log/audit_cat.data,attribute,644,root,admin,72,2732063,10952279,subject,venom,root,wheel,root,wheel,44255,41955,1647,192.168.1.26,return,success,4,trailer,168,

after 30 seconds

console2 (cat waits for user input; the user types a message and pushes 'Ctrl+d' to detach):
# cat >> /var/log/audit_cat.data
abracadabra_message
#

console1 (no message is output for the user action 'adding string "abracadabra_message" & detach'):
# cat /dev/auditpipe | praudit -l
header,168,10,open(2) - write,creat,0,Fri Feb  8 12:59:34 2008, + 309 msec,argument,3,0x1b6,mode,argument,2,0x209,flags,path,/var/log/audit_cat.data,attribute,644,root,admin,72,2732063,10952279,subject,venom,root,wheel,root,wheel,44255,41955,1647,192.168.1.26,return,success,4,trailer,168,


/dev/auditpipe outputs data at the moment the file descriptor is created, but doesn't output a message after the string is added to the file and the file is closed.

any solution?


/Vladimir Ermakov
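
Added example, not part of the original message: Python that parses the single `praudit -l` record quoted above and decodes its open(2) arguments, to show exactly what that one record describes. The function names are hypothetical; the flag constants are assumed to be the FreeBSD `<fcntl.h>` values, and the record is copied from the message.

```python
import re

# Open flag bits, assumed to match FreeBSD <fcntl.h>; access mode is the low 2 bits.
O_ACCMODE = {0: "O_RDONLY", 1: "O_WRONLY", 2: "O_RDWR"}
O_FLAGS = {0x0004: "O_NONBLOCK", 0x0008: "O_APPEND", 0x0200: "O_CREAT",
           0x0400: "O_TRUNC", 0x0800: "O_EXCL"}

# header,<bytes>,<version>,<event>,<modifier>,<date>, + <msec> msec,
# The event name can itself contain a comma ("open(2) - write,creat"), so it
# is matched non-greedily up to the numeric modifier and the date that follow.
HEADER = re.compile(r"^header,(\d+),(\d+),(?P<event>.+?),(\d+),"
                    r"\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}, \+ \d+ msec,")
ARGUMENT = re.compile(r"argument,(\d+),(0x[0-9a-fA-F]+),([^,]+)")
PATH = re.compile(r",path,([^,]+)")
RETURN = re.compile(r",return,([^,]+),(-?\d+),")

# Record copied from the message above (one line of `praudit -l` output).
RECORD = ("header,168,10,open(2) - write,creat,0,Fri Feb  8 12:59:34 2008, + 309 "
          "msec,argument,3,0x1b6,mode,argument,2,0x209,flags,path,"
          "/var/log/audit_cat.data,attribute,644,root,admin,72,2732063,10952279,"
          "subject,venom,root,wheel,root,wheel,44255,41955,1647,192.168.1.26,"
          "return,success,4,trailer,168,")

def decode_flags(value):
    """Turn an open(2) flags word into symbolic names."""
    names = [O_ACCMODE.get(value & 3, "invalid")]
    names += [name for bit, name in sorted(O_FLAGS.items()) if value & bit]
    return names

def parse_record(line):
    """Extract event name, path, open flags, mode and return status."""
    head = HEADER.match(line)
    if head is None:
        raise ValueError("not a praudit -l record")
    args = {name: int(val, 16) for _, val, name in ARGUMENT.findall(line)}
    path, ret = PATH.search(line), RETURN.search(line)
    return {
        "event": head.group("event"),
        "path": path.group(1) if path else None,
        "flags": decode_flags(args["flags"]) if "flags" in args else [],
        "mode": oct(args["mode"]) if "mode" in args else None,
        "status": ret.group(1) if ret else None,
    }

if __name__ == "__main__":
    print(parse_record(RECORD))
```
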




