Date: Wed, 25 Jul 2012 14:05:13 +0200
From: Damien Fleuriot <ml@my.gd>
To: Peter Boosten <peter@boosten.org>
Cc: "freebsd-questions@FreeBSD.org" <freebsd-questions@FreeBSD.org>
Subject: Re: Securituy - logging of user commands
Message-ID: <500FE0F9.9020008@my.gd>
In-Reply-To: <FAD52607-4596-4F07-BC04-9C975EA7399C@boosten.org>
References: <500FDCE4.8060607@my.gd> <FAD52607-4596-4F07-BC04-9C975EA7399C@boosten.org>
No, I haven't.

That's a good suggestion, I'll look into it and see if it fits the purpose :)

On 7/25/12 2:04 PM, Peter Boosten wrote:
> Have you ever considered the audit function of FreeBSD?
>
> Peter Boosten
>
> On 25 jul. 2012, at 13:47, Damien Fleuriot <ml@my.gd> wrote:
>
>> Hello list,
>>
>> We're currently working towards the PCI DSS certification (Payment Card
>> Industry) for a project at work.
>>
>> One of the prerequisites is that all user commands be logged.
>>
>> We're currently using a very bad hack that takes the last command from a
>> user's history and sends it to a log server.
>>
>> This of course is unreliable as a user may entirely disable their
>> history, or just use another shell to bypass the csh function or whatever.
>>
>> My colleagues installed Snoopy on Debian and it seems to work wonders as
>> a module which is LD preloaded.
>>
>> I notice it also exists on FreeBSD as /usr/ports/security/snoopy .
>>
>> However I face several problems with it, mainly it doesn't seem to log
>> anything.
>>
>> As per the README, I have added "/usr/local/lib/snoopy.so" to
>> /etc/ld.so.preload
>>
>> I'm not even sure this file is used on BSD?
>>
>> As per the man page for ld.so there's no such file:
>> http://www.freebsd.org/cgi/man.cgi?query=ld.so
>>
>> Neither libmap.conf nor ldconfig(8) seem to be the answer either.
>>
>> I've googled for ld.so.conf and found the following 2 posts which seem
>> to indicate it isn't used either:
>> http://lists.freebsd.org/pipermail/freebsd-hackers/2003-June/001746.html
>> http://lists.freebsd.org/pipermail/freebsd-hackers/2003-June/001747.html
>>
>> The posts mention -current but date back from 2003.
>>
>> Lastly, I have also noticed that the port installs /usr/local/bin/detect
>> which I executed and would always reply "something's fishy".
>>
>> By looking at the (very short) source I noticed the program merely loads
>> /lib/libc.so.6 , and it wouldn't find it on my system (8.3-STABLE with
>> /lib/libc.so.7).
>> Adjusting and recompiling lets the program correctly print "secure" but
>> it does nothing else.
>>
>> I have checked that the output /usr/local/lib/snoopy.so module is linked
>> against libc.so.7 , and it is.
>>
>> Has anyone ever got Snoopy to work on BSD?
>> Might I need to install Linux emulation?
>>
>> Is there any other port that might do the job and which I could use?
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
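Editor's added example, not part of the thread and not the FreeBSD project's own code: the audit(4) approach Peter suggests, worked through as a concrete audit_control that records every exec(2) with its arguments for all users, plus a small check that a given audit_control actually enables that. Because the kernel generates the records, the logging does not depend on the user's shell or history settings, which is the gap the history-based hack and the LD_PRELOAD approach leave open. The trail directory, size and expiry values are assumptions chosen for illustration; `sysrc(8)` is used for convenience and on releases that lack it the rc.conf line is added by hand.

```shell
#!/bin/sh
# Added example (not from the thread): FreeBSD audit(4) configuration that
# records every process execution with its command line, and a checker
# for an existing audit_control. Paths and limits below are illustrative.

# Print an /etc/security/audit_control that audits logins and all
# exec(2) calls, keeping argv so the full command is readable in the trail.
audit_control_content() {
    cat <<'EOF'
# Directory where auditd writes trail files (assumed default)
dir:/var/audit
# Classes for attributable events (a logged-in user):
#   lo = login/logout, ex = exec(2) of any program
flags:lo,ex
# Warn when free space on the trail partition drops below 5%
minfree:5
# Classes for non-attributable events (no user attached yet)
naflags:lo,ex
# cnt  = keep the system running if the trail cannot be written
# argv = record exec arguments, not just the executable path
policy:cnt,argv
# Rotate trails at 2 MB and expire them after 30 days (assumed values)
filesz:2M
expire-after:30d
EOF
}

# Return 0 when FILE enables exec auditing with argument capture, 1 otherwise.
# Handles the +ex / -ex / ^ex success-or-failure prefixes and ignores comments.
check_audit_control() {
    file="$1"
    flags_ok=$(sed -e 's/#.*//' "$file" | awk -F: '$1=="flags"{print $2}' \
        | tr ',' '\n' | sed -e 's/^[-+^]*//' | grep -cx 'ex' || true)
    argv_ok=$(sed -e 's/#.*//' "$file" | awk -F: '$1=="policy"{print $2}' \
        | tr ',' '\n' | grep -cx 'argv' || true)
    [ "$flags_ok" -gt 0 ] && [ "$argv_ok" -gt 0 ]
}

# Install the configuration and start auditd. Run as root on the FreeBSD
# host; only executed when AUDIT_DEPLOY=yes so the file is safe to source.
deploy_audit_control() {
    audit_control_content > /etc/security/audit_control
    sysrc auditd_enable=YES   # without sysrc(8): add auditd_enable="YES" to /etc/rc.conf
    service auditd start
}

# Reviewing the trail afterwards (run on the host):
#   auditreduce -c ex -u alice /var/audit/current | praudit
# selects the exec records of one user and renders them as text, which is
# what a PCI DSS reviewer would want to see forwarded to the log server.

if [ "${AUDIT_DEPLOY:-no}" = "yes" ]; then
    deploy_audit_control
fi
```

The `ex` class and the `argv` policy are the two settings that matter for command logging: without `ex` no exec records are produced, and without `argv` a record shows only the program path, not what was typed. The checker is there to catch an audit_control that was edited back to the default `flags:lo` during later maintenance.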