Date: Sat, 17 Mar 2018 04:48:52 -0700 From: Eitan Adler <lists@eitanadler.com> To: Mateusz Piotrowski <0mp@freebsd.org> Cc: Christian Peron <csjp@sqrt.ca>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: auditing users within a jail Message-ID: <CAF6rxgnSwO9A741JXTKggZ0YjPJFJ2rbdvypPoCNeyQRmrYq7A@mail.gmail.com> In-Reply-To: <20180314141301.7bdd2d3d@oxy> References: <CAF6rxgmWWx-vQ9UDk4Uyk9SfxXBNtirtCEW6bixpS-akkn%2BwCw@mail.gmail.com> <20180312031746.GB7114@cps-macbook-pro.lan> <20180314141301.7bdd2d3d@oxy>
next in thread | previous in thread | raw e-mail | index | archive | help
On 14 March 2018 at 06:13, Mateusz Piotrowski <0mp@freebsd.org> wrote: > On Sun, 11 Mar 2018 22:17:47 -0500 > Christian Peron <csjp@sqrt.ca> wrote: > >>However, it is possible for processes in jails to produce audit >>records. The processes just need an audit mask. Since audit masks >>(configurations) are inherited across forks, you could set a global >>audit configuration for the jail using the following tool (or >>something like it): >> >>https://github.com/csjayp/setaudit (I just dropped it on to github) > > FYI, I'll submit a new setaudit port if Christian decides to pull in my > enhancements. We chatted a bit offline, but thanks for the info! That was really helpful. -- Eitan Adler
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAF6rxgnSwO9A741JXTKggZ0YjPJFJ2rbdvypPoCNeyQRmrYq7A>