Date: Wed, 22 Oct 2014 12:41:18 +0100 (BST) From: Anton Shterenlikht <mexas@bris.ac.uk> To: freebsd-security@freebsd.org Subject: Re: system identification in utx database? Message-ID: <201410221141.s9MBfIRS027949@mech-as221.men.bris.ac.uk>
next in thread | raw e-mail | index | archive | help
I asked in questions@ and got no reply, trying here. Thanks Anton >From mexas Mon Oct 20 10:37:52 2014 >To: freebsd-questions@freebsd.org >Subject: system identification in utx database? >Reply-To: mexas@bris.ac.uk > >Hello > >Is there any information in a utx(8) database (log) >that allows one to identify the system where >that database was recorded? I cannot find any. > >I need to preserve the utx access logs from several >FreeBSD boxes. If I copy the logs to another box, >or just print, I lose the information about the >system where these logs came from. >This is because this information does not >seem to be present in the logs themselves. >So I have to add some manual database identification, >which might cast doubt on the database authenticity >or integrity, if I even need to rely such databases, >e.g. in court. > >So, I wonder if there is some system identification >information written to utx database that I'm not >familiar with. > >I also have auditing enabled, but I'm still >learning it, and don't want to loose the >simplicity of utx. > >Shall I ask in securuty@ list? > >Thanks > >Anton
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201410221141.s9MBfIRS027949>