Date: Mon, 31 Mar 2014 17:56:13 +0000 (UTC) From: Dru Lavigne <dru@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r44400 - head/en_US.ISO8859-1/books/handbook/security Message-ID: <201403311756.s2VHuDQ4007676@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dru Date: Mon Mar 31 17:56:12 2014 New Revision: 44400 URL: http://svnweb.freebsd.org/changeset/doc/44400 Log: Editorial review of Process Accounting. This section is a bit lean. Sponsored by: iXsystems Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/security/chapter.xml Mon Mar 31 17:01:17 2014 (r44399) +++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml Mon Mar 31 17:56:12 2014 (r44400) @@ -3492,12 +3492,17 @@ UWWemqWuz3lAZuORQ9KX their allocation among users, provide for system monitoring, and minimally track a user's commands.</para> - <para>This indeed has both positive and negative points. One + <para>Process accounting has both positive and negative points. One of the positives is that an intrusion may be narrowed down to the point of entry. A negative is the amount of logs generated by process accounting, and the disk space they may require. This section walks an administrator through the basics of process accounting.</para> + + <note> + <para>If more fine-grained accounting is needed, refer to + <xref linkend="audit"/>.</para> + </note> <sect2> <title>Enabling and Utilizing Process Accounting</title> @@ -3513,16 +3518,17 @@ UWWemqWuz3lAZuORQ9KX <para>Once enabled, accounting will begin to track information such as <acronym>CPU</acronym> statistics and executed commands. All accounting logs are in a non-human readable - format which can be viewed using &man.sa.8;. If issued - without any options, &man.sa.8; prints information relating to + format which can be viewed using <command>sa</command>. If issued + without any options, <command>sa</command> prints information relating to the number of per-user calls, the total elapsed time in minutes, total <acronym>CPU</acronym> and user time in - minutes, and the average number of I/O operations.</para> - - <para>To view information about commands being issued, use - &man.lastcomm.1;. This command displays the commands issued - by users on specific &man.ttys.5;. For example, this command - prints out all known usage of &man.ls.1; by <systemitem + minutes, and the average number of <acronym>I/O</acronym> operations. Refer to + &man.sa.8; for the list of available options which control the + output.</para> + + <para>To display the commands issued + by users, use <command>lastcomm</command>. For example, this command + prints out all usage of <command>ls</command> by <systemitem class="username">trhodes</systemitem> on the <literal>ttyp1</literal> terminal:</para>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201403311756.s2VHuDQ4007676>