From: mokhi
Date: Fri, 7 Oct 2016 12:56:57 +0330
Subject: Re: Using Audit Framework and praudit
To: Mateusz Piotrowski <0mp@freebsd.org>
Cc: freebsd-hackers@freebsd.org
List-Id: Technical Discussions relating to FreeBSD

Hi,

Thanks for the answer.
I saw audit_control(5) and the handbook entry for audit.
My `/etc/security/audit_control` and `/etc/security/audit_user` are pasted at [1] and [2].
I guess my changes (flags:all) should make it audit all events on success and failure.
Would you please explain my misunderstanding to me, if there is any?

Best wishes,
Mokhi.

============================
[1] https://0x.co/7PE6HC
[2] https://0x.co/AZ7ZTH