Date: Fri, 09 Feb 2007 11:43:16 +0100 From: Christian Brueffer <brueffer@FreeBSD.org> To: Stanislav Sedov <stas@FreeBSD.org> Cc: freebsd-security@FreeBSD.org, rwatson@FreeBSD.org Subject: Re: audit problems Message-ID: <20070209104316.GA1686@haakonia.hitnet.RWTH-Aachen.DE> In-Reply-To: <20070208194855.692300fa.stas@FreeBSD.org> References: <20070208194855.692300fa.stas@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--Q68bSM7Ycu6FN28Q Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Feb 08, 2007 at 07:48:55PM +0300, Stanislav Sedov wrote: > Hi! >=20 > I'm experiencing some problems configuring audit on 6.2-RELEASE system. > It doesn't seem to log anything except login messages. The only thing > I've modified in config is the root user specification in audit_users. > Now it looks like this: > root:lo,ex,fw,fc:no >=20 > However nor ex, non fw or fc messages doesn't get into the log. > Furthermore, deleting lo from audit_users and audit_control doesn't stop > login messages logging. >=20 > Is it possible that some other kernel options interfere with AUDIT > (e.g. MAC)? >=20 Are you running something else then FreeBSD/i386? If yes, the necessary changes to the machine dependent trap.c weren't merged. This was only noticed one or two weeks ago and the necessary changes are in RELENG_6. - Christian --=20 Christian Brueffer chris@unixpages.org brueffer@FreeBSD.org GPG Key: http://people.freebsd.org/~brueffer/brueffer.key.asc GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D --Q68bSM7Ycu6FN28Q Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFzFBEbHYXjKDtmC0RAmPrAJwNGTa9gPZSiUyz8SIaNAr+yQ3BegCfccaj WaDHrFJ2W/wuI/uBvYjrDs4= =cgnJ -----END PGP SIGNATURE----- --Q68bSM7Ycu6FN28Q--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070209104316.GA1686>