Date: Wed, 25 Jul 2012 16:15:16 +0000 (UTC)
From: jb <jb.1234abcd@gmail.com>
To: freebsd-questions@freebsd.org
Subject: Re: Securituy - logging of user commands
Message-ID: <loom.20120725T180820-933@post.gmane.org>
References: <500FDCE4.8060607@my.gd> <loom.20120725T143820-718@post.gmane.org> <500FF037.4020302@my.gd>

Damien Fleuriot <ml <at> my.gd> writes:

> ...
>
> From my syslog.conf:
> auth.info;authpriv.info /var/log/auth.log
>
> Yet I'm seeing not a trail in /var/log/auth.log , or messages, or even
> in secure
> ...

# less /var/log/auth.log
Feb 22 21:13:56 localhost newsyslog[1503]: logfile first created
Feb 22 21:14:07 localhost login: login on ttyv0 as jb
Feb 22 21:14:15 localhost su: jb to root on /dev/ttyv0
...
Jul 25 15:23:48 localhost su: jb to root on /dev/pts/3
Jul 25 17:25:05 localhost snoopy[50059]: [uid:0 sid:45449 tty:/dev/pts/2 cwd:/usr/ports/security/snoopy filename:/usr/bin/touch]: touch /etc/ld.so.preload
Jul 25 17:25:05 localhost snoopy[50060]: [uid:0 sid:45449 tty:/dev/pts/2 cwd:/usr/ports/security/snoopy filename:/usr/bin/grep]: grep -c ^/usr/local/lib//snoopy.so /etc/ld.so.preload
Jul 25 17:52:29 localhost snoopy[50145]: [uid:0 sid:46687 tty:/dev/pts/3 cwd:/usr/home/jb filename:/usr/bin/less]: less /var/log/auth.log
Jul 25 17:54:03 localhost snoopy[50148]: [uid:0 sid:46687 tty:/dev/pts/3 cwd:/usr/home/jb filename:/usr/bin/touch]: touch test1
Jul 25 17:54:08 localhost snoopy[50149]: [uid:0 sid:46687 tty:/dev/pts/3 cwd:/usr/home/jb filename:/usr/bin/less]: less /var/log/auth.log
[root@localhost /home/jb]#

jb
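
An added example, not part of the original message: a parser for the snoopy entries shown in the auth.log excerpt above, which groups commands by session id and lists those that name /etc/ld.so.preload. The regular expression is inferred from the lines in the message, and the function names are hypothetical.

```python
import re

# Layout inferred from the snoopy entries in the auth.log excerpt above (an assumption).
SNOOPY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) snoopy\[(?P<pid>\d+)\]: "
    r"\[uid:(?P<uid>\d+) sid:(?P<sid>\d+) tty:(?P<tty>\S+) "
    r"cwd:(?P<cwd>.*?) filename:(?P<filename>.*?)\]: (?P<cmdline>.*)$"
)

# Sample input: lines copied from the message above.
SAMPLE = """\
Jul 25 15:23:48 localhost su: jb to root on /dev/pts/3
Jul 25 17:25:05 localhost snoopy[50059]: [uid:0 sid:45449 tty:/dev/pts/2 cwd:/usr/ports/security/snoopy filename:/usr/bin/touch]: touch /etc/ld.so.preload
Jul 25 17:25:05 localhost snoopy[50060]: [uid:0 sid:45449 tty:/dev/pts/2 cwd:/usr/ports/security/snoopy filename:/usr/bin/grep]: grep -c ^/usr/local/lib//snoopy.so /etc/ld.so.preload
Jul 25 17:54:03 localhost snoopy[50148]: [uid:0 sid:46687 tty:/dev/pts/3 cwd:/usr/home/jb filename:/usr/bin/touch]: touch test1
"""

def parse_snoopy(text):
    """Return one dict per snoopy entry; other syslog lines are skipped."""
    events = []
    for line in text.splitlines():
        m = SNOOPY_RE.match(line)
        if m:
            ev = m.groupdict()
            for key in ("pid", "uid", "sid"):
                ev[key] = int(ev[key])
            events.append(ev)
    return events

def by_session(events):
    """Group command lines by session id, to read one login's activity in order."""
    sessions = {}
    for ev in events:
        sessions.setdefault(ev["sid"], []).append(ev["cmdline"])
    return sessions

def touches_preload(events, path="/etc/ld.so.preload"):
    """Entries whose arguments name the preload file that is checked for snoopy.so."""
    return [ev for ev in events if path in ev["cmdline"].split()]

if __name__ == "__main__":
    evs = parse_snoopy(SAMPLE)
    for sid, cmds in by_session(evs).items():
        print(sid, cmds)
    for ev in touches_preload(evs):
        print("preload:", ev["ts"], ev["filename"], ev["cmdline"])
```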