Date: Sat, 17 Mar 2018 20:02:27 +0100 From: Mateusz Piotrowski <0mp@FreeBSD.org> To: Eitan Adler <lists@eitanadler.com> Cc: Christian Peron <csjp@sqrt.ca>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: auditing users within a jail Message-ID: <20180317200227.0be58cc3@oxy> In-Reply-To: <CAF6rxgnSwO9A741JXTKggZ0YjPJFJ2rbdvypPoCNeyQRmrYq7A@mail.gmail.com> References: <CAF6rxgmWWx-vQ9UDk4Uyk9SfxXBNtirtCEW6bixpS-akkn%2BwCw@mail.gmail.com> <20180312031746.GB7114@cps-macbook-pro.lan> <20180314141301.7bdd2d3d@oxy> <CAF6rxgnSwO9A741JXTKggZ0YjPJFJ2rbdvypPoCNeyQRmrYq7A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 17 Mar 2018 04:48:52 -0700 Eitan Adler <lists@eitanadler.com> wrote: >On 14 March 2018 at 06:13, Mateusz Piotrowski <0mp@freebsd.org> wrote: >> On Sun, 11 Mar 2018 22:17:47 -0500 >> Christian Peron <csjp@sqrt.ca> wrote: >> >>>However, it is possible for processes in jails to produce audit >>>records. The processes just need an audit mask. Since audit masks >>>(configurations) are inherited across forks, you could set a global >>>audit configuration for the jail using the following tool (or >>>something like it): >>> >>>https://github.com/csjayp/setaudit (I just dropped it on to github) >> >> FYI, I'll submit a new setaudit port if Christian decides to pull in >> my enhancements. > >We chatted a bit offline, but thanks for the info! That was really >helpful. :) BTW, the new port is already waiting on Bugzilla: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226627
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180317200227.0be58cc3>