From owner-freebsd-questions@FreeBSD.ORG Wed Jul 25 12:05:17 2012
Message-ID: <500FE0F9.9020008@my.gd>
Date: Wed, 25 Jul 2012 14:05:13 +0200
From: Damien Fleuriot
To: Peter Boosten
Cc: "freebsd-questions@FreeBSD.org"
Subject: Re: Security - logging of user commands
References: <500FDCE4.8060607@my.gd>
In-Reply-To:
List-Id: User questions
X-List-Received-Date: Wed, 25 Jul 2012 12:05:17 -0000

No, I haven't.

That's a good suggestion, I'll look into it and see if it fits the purpose :)

On 7/25/12 2:04 PM, Peter Boosten wrote:
> Have you ever considered the audit function of FreeBSD?
>
>
> Peter Boosten
>
> On 25 jul. 2012, at 13:47, Damien Fleuriot wrote:
>
>> Hello list,
>>
>> We're currently working towards the PCI DSS certification (Payment Card
>> Industry) for a project at work.
>>
>> One of the prerequisites is that all user commands be logged.
>>
>> We're currently using a very bad hack that takes the last command from a
>> user's history and sends it to a log server.
>>
>> This of course is unreliable, as a user may entirely disable their
>> history, or just use another shell to bypass the csh function or whatever.
>>
>> My colleagues installed Snoopy on Debian and it seems to work wonders as
>> a module which is LD preloaded.
>>
>> I notice it also exists on FreeBSD as /usr/ports/security/snoopy .
>>
>> However I face several problems with it; mainly, it doesn't seem to log
>> anything.
>>
>> As per the README, I have added "/usr/local/lib/snoopy.so" to
>> /etc/ld.so.preload
>>
>> I'm not even sure this file is used on BSD?
>>
>> As per the man page for ld.so there's no such file:
>> http://www.freebsd.org/cgi/man.cgi?query=ld.so
>>
>> Neither libmap.conf nor ldconfig(8) seem to be the answer either.
>>
>> I've googled for ld.so.conf and found the following 2 posts which seem
>> to indicate it isn't used either:
>> http://lists.freebsd.org/pipermail/freebsd-hackers/2003-June/001746.html
>> http://lists.freebsd.org/pipermail/freebsd-hackers/2003-June/001747.html
>>
>> The posts mention -current but date back to 2003.
>>
>> Lastly, I have also noticed that the port installs /usr/local/bin/detect,
>> which I executed and which would always reply "something's fishy".
>>
>> By looking at the (very short) source I noticed the program merely loads
>> /lib/libc.so.6, and it wouldn't find it on my system (8.3-STABLE with
>> /lib/libc.so.7).
>> Adjusting and recompiling lets the program correctly print "secure", but
>> it does nothing else.
>>
>> I have checked that the output /usr/local/lib/snoopy.so module is linked
>> against libc.so.7, and it is.
>>
>> Has anyone ever got Snoopy to work on BSD?
>> Might I need to install Linux emulation?
>>
>> Is there any other port that might do the job and which I could use?
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
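Peter's pointer to the FreeBSD audit subsystem is the control a practitioner would reach for here: audit(4) records execve(2) in the kernel, so it captures commands whatever shell the user runs and whether or not shell history is kept, which is exactly what a history-scraping hack cannot guarantee. A preload shim is a weak control for this requirement in any case: FreeBSD's rtld(1) honours the LD_PRELOAD environment variable (and /etc/libmap.conf) but has no /etc/ld.so.preload, and an environment variable is cleared by the user with a single `env -i`. The script below is an added example for this thread, not code from the thread or from the Snoopy project. It emits an audit_control(5) and audit_user(5) configuration that selects the `ex` (exec) and `lo` (login/logout) classes with the `argv` policy so command-line arguments are stored, and, when run with `install` on a FreeBSD host, writes the files, enables auditd in rc.conf and starts it. The file paths and class names are FreeBSD defaults; `AUDIT_DIR`, `RC_CONF` and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): configure FreeBSD audit(4) to record
# every execve(2), with its arguments, for all users, so command logging does
# not depend on shell history or on a preloaded library the user can drop.
# Paths are FreeBSD defaults; AUDIT_DIR/RC_CONF and the function names are
# assumptions of this example (point AUDIT_DIR at a scratch dir to dry-run).

AUDIT_DIR="${AUDIT_DIR:-/etc/security}"
RC_CONF="${RC_CONF:-/etc/rc.conf}"

# audit_control(5): 'flags' selects classes for attributable events of every
# user; 'ex' is execve(2), 'lo' is login/logout.  'policy:argv' makes the
# kernel store the argument vector (without it only the executable path is
# recorded).  'naflags' covers events not yet attributable to a user, such as
# failed logins.
audit_control_conf() {
    cat <<'EOF'
dir:/var/audit
flags:lo,ex
minfree:5
naflags:lo,aa
policy:cnt,argv
filesz:2M
EOF
}

# audit_user(5): per-user "alwaysaudit:neveraudit" classes that override
# 'flags'.  root is listed explicitly so a later edit of 'flags' cannot
# silently stop auditing the account that matters most.
audit_user_conf() {
    cat <<'EOF'
root:lo,ex:no
EOF
}

# Write both files, enable auditd at boot and (re)load the running daemon.
# Requires root on FreeBSD.
install_audit_config() {
    audit_control_conf > "$AUDIT_DIR/audit_control"
    audit_user_conf    > "$AUDIT_DIR/audit_user"
    chmod 0600 "$AUDIT_DIR/audit_control" "$AUDIT_DIR/audit_user"
    grep -q '^auditd_enable="YES"' "$RC_CONF" 2>/dev/null \
        || printf 'auditd_enable="YES"\n' >> "$RC_CONF"
    # 'audit -s' asks a running auditd to re-read its configuration; if no
    # daemon is running that fails, so start one instead.
    audit -s 2>/dev/null || service auditd start
}

# Print only the exec records of a trail (default: the active trail) in
# praudit's text form; the 'exec arg' tokens carry the recorded argv.
show_exec_records() {
    auditreduce -c ex "${1:-/var/audit/current}" | praudit
}

case "${1:-}" in
    install) install_audit_config ;;
    show)    show_exec_records "${2:-}" ;;
esac
```

Run `sh audit-exec.sh install` once as root, log in again so the new session gets an audit mask, and `sh audit-exec.sh show` then lists every command the session ran, including ones typed into a different shell or after `unset HISTFILE`. Note that users already logged in before the change keep their old (empty) audit mask until they start a new session; audit_user(5) overrides only take effect at login.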