Date: Wed, 16 Jan 2008 14:00:55 -0500 From: Richard Bates <bates@telehouse.com> To: freebsd-current@freebsd.org Subject: Re: Question on security.. Message-ID: <3E41B004-70D9-46CF-8F04-ED4475E39BAA@telehouse.com> In-Reply-To: <20080115161724.U32954@fledge.watson.org> References: <9419F125-F8F9-4FFB-A9F0-CF59DC9278C9@telehouse.com> <20080115161724.U32954@fledge.watson.org>
index | next in thread | previous in thread | raw e-mail
Ok,
I setup a test server with
FreeBSd 6.2 installed
Compiled the kernel to include auditd
SAMBA3, NetAtalk, and SSH enabled
Audit seems to log the ssh connections,
but doesn't log the smb/cifs netatalk connections.
I'd also like to monitor MySQl connections.
Is there a way to do this?
I went through the audit section of the handbook,
but there is nothing specific.
Thanks
On Jan 15, 2008, at 11:18 AM, Robert Watson wrote:
>
> On Tue, 15 Jan 2008, Richard Bates wrote:
>
>> I know login failures are logged in /var/log/auth.log
>>
>> is there a way to log the login of users in this log say something
>> like
>>
>> Jan 15 10:59:00 MyServer sshd[91869]: User bates authenticated
>> from 172.18.1.139
>> Jan 15 10:59:00 MyServer sshd[91869]: User bates Disconnected from
>> 172.18.1.139
>
> The normal system lastlog, accessed via last(1), does this fairly
> well. As you notch up the level of logging on sshd, it should also
> be able to do that. However, I tend to use audit for the above type
> of functionality, as the results are more parseable using tools
> like auditreduce. There's a handbook chapter on how to configure
> and use audit, should you be looking for something a bit more on
> that scale of things.
>
> Robert N M Watson
> Computer Laboratory
> University of Cambridge
>
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E41B004-70D9-46CF-8F04-ED4475E39BAA>