From: Hugo Silva
To: freebsd-questions@freebsd.org
Date: Fri, 15 Dec 2006 00:47:24 +0000
Subject: OpenBSM on 6.2-RC1
Message-ID: <4581F09C.1070205@barafranca.com>

Hi list,

I'm experimenting with OpenBSM and I'm stuck on something.
I've read the manpages and the handbook section related to it, so either I'm missing something obvious, or it doesn't work properly yet.

audit_control (relevant part):

flags:+all,-all:no
naflags:lo

audit_user:

username:+all,-all:no

I had fm,fd on my username as a test, for chmod and trying to remove files. These don't get logged at all. The only thing I've seen thru praudit is su'ing to root (which gets logged, regardless if I input the right password or not).

The expected result (at least from my basic knowledge of OpenBSM's syntax, I've been around this for a few hours only) would be logging every success and every failure from my username.

I am not using console logins, this is over SSH. I'm not sure if they're related.

The only way I could make OpenBSM log any more than su'ing up was to change naflags to all. According to http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit-config.html, "The naflags option specifies audit classes to be audited for non-attributed events, such as the login process and system daemons."

So the only thing that could be happening based on my limited knowledge of this software, is that somehow it cannot distinguish usernames on SSH connections. This seems odd, to say the least, so I'm resorting to the list, in the hopes that someone can point me in the right direction.

Hugo
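
The flag syntax used in the message above, decoded as an added example (not part of the original post and not OpenBSM code). It computes which classes an audit_user entry selects for successes and failures, combining them as (system flags + always) - never. Assumptions: the CLASSES set is only a subset of the real audit_class file, the system-wide value "lo" is a constructed sample, and parse_flags and user_mask are hypothetical helper names.

```python
# Added example: decode BSM audit flag strings (audit_control / audit_user).
# CLASSES is a subset of /etc/security/audit_class, chosen for illustration.
CLASSES = frozenset({"lo", "fm", "fd", "fr", "fw", "ex", "ad"})


def parse_flags(spec):
    """Return (success, failure) sets of audit classes selected by spec."""
    success, failure = set(), set()
    for token in (t.strip() for t in spec.split(",")):
        if not token:
            continue
        remove = token.startswith("^")          # "^" turns a class back off
        token = token.lstrip("^")
        on_success = not token.startswith("-")  # "-" selects failures only
        on_failure = not token.startswith("+")  # "+" selects successes only
        name = token.lstrip("+-")
        if name == "all":
            names = set(CLASSES)
        elif name == "no":
            names = set()                       # "no" selects nothing
        elif name in CLASSES:
            names = {name}
        else:
            raise ValueError(f"unknown audit class: {name!r}")
        for target, wanted in ((success, on_success), (failure, on_failure)):
            if wanted and remove:
                target.difference_update(names)
            elif wanted:
                target.update(names)
    return success, failure


def user_mask(system_flags, audit_user_line):
    """Effective mask for one audit_user entry: (system + always) - never."""
    user, always, never = audit_user_line.strip().split(":")
    sys_s, sys_f = parse_flags(system_flags)
    alw_s, alw_f = parse_flags(always)
    nev_s, nev_f = parse_flags(never)
    return user, (sys_s | alw_s) - nev_s, (sys_f | alw_f) - nev_f


if __name__ == "__main__":
    # audit_user entries from the post; system flags "lo" is a constructed sample
    for line in ("username:+all,-all:no", "username:fm,fd:no"):
        user, ok, fail = user_mask("lo", line)
        print(f"{user}: success={sorted(ok)} failure={sorted(fail)}")
```
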