From: Christian Brueffer
To: Stanislav Sedov
Cc: freebsd-security@FreeBSD.org, rwatson@FreeBSD.org
Date: Fri, 09 Feb 2007 11:43:16 +0100
Subject: Re: audit problems

On Thu, Feb 08, 2007 at 07:48:55PM +0300, Stanislav Sedov wrote:
> Hi!
>
> I'm experiencing some problems configuring audit on a 6.2-RELEASE system.
> It doesn't seem to log anything except login messages. The only thing
> I've modified in the config is the root user specification in audit_users.
> Now it looks like this:
> root:lo,ex,fw,fc:no
>
> However, neither ex, fw nor fc messages get into the log.
> Furthermore, deleting lo from audit_users and audit_control doesn't stop
> login messages from being logged.
>
> Is it possible that some other kernel options interfere with AUDIT
> (e.g. MAC)?
>

Are you running something other than FreeBSD/i386? If yes, the necessary
changes to the machine-dependent trap.c weren't merged. This was only
noticed one or two weeks ago and the necessary changes are in RELENG_6.

- Christian

-- 
Christian Brueffer    chris@unixpages.org    brueffer@FreeBSD.org
GPG Key: http://people.freebsd.org/~brueffer/brueffer.key.asc
GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D