From: Lev Serebryakov
Date: Sun, 10 Jan 2016 01:39:31 +0300
To: Terje Elde
CC: freebsd-security@freebsd.org
Subject: Re: Does audit_control's "expire-after" by size works?

Hello Terje,

Saturday, January 9, 2016, 11:55:42 PM, you wrote:

>> expire-after:356d AND 5G
>>
>> and now my /var/audit contains 1 year of files, but it takes 105
>> gigabytes (!).
>>
>> It is FreeBSD 10.2-STABLE r286784
> I don't recall how that limit is implemented, but it could be related to this:
> https://www.freebsd.org/security/advisories/FreeBSD-EN-15:19.kqueue.asc

All these files are less than 2G. Really, each individual file is less than 200M.

And here is my other question (in a separate message).

--
Best regards,
 Lev
 mailto:lev@FreeBSD.org