From: Stanislav Sedov
To: freebsd-security@FreeBSD.org
Cc: rwatson@FreeBSD.org
Date: Thu, 8 Feb 2007 19:48:55 +0300
Subject: audit problems
Message-Id: <20070208194855.692300fa.stas@FreeBSD.org>

Hi!

I'm experiencing some problems configuring audit on a 6.2-RELEASE system. It doesn't seem to log anything except login messages. The only thing I've modified in the config is the root user specification in audit_users. Now it looks like this:

  root:lo,ex,fw,fc:no

However, neither ex, fw, nor fc messages get into the log. Furthermore, deleting lo from audit_users and audit_control doesn't stop login messages from being logged.

Is it possible that some other kernel options interfere with AUDIT (e.g. MAC)?

Thanks!

--
Stanislav Sedov ST4096-RIPE