From owner-freebsd-stable@FreeBSD.ORG Fri Mar 2 16:17:38 2012 Return-Path: Delivered-To: stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 50355106564A for ; Fri, 2 Mar 2012 16:17:38 +0000 (UTC) (envelope-from mamalos@eng.auth.gr) Received: from vergina.eng.auth.gr (vergina.eng.auth.gr [155.207.18.1]) by mx1.freebsd.org (Postfix) with ESMTP id BA4C88FC08 for ; Fri, 2 Mar 2012 16:17:37 +0000 (UTC) Received: from mamalacation.ee.auth.gr (mamalacation.ee.auth.gr [155.207.33.29]) (authenticated bits=0) by vergina.eng.auth.gr (8.14.4/8.14.3) with ESMTP id q22GHaWH063472 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Fri, 2 Mar 2012 18:17:36 +0200 (EET) (envelope-from mamalos@eng.auth.gr) Message-ID: <4F50F2A0.40401@eng.auth.gr> Date: Fri, 02 Mar 2012 18:17:36 +0200 From: George Mamalakis User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.2) Gecko/20120217 Thunderbird/10.0.2 MIME-Version: 1.0 To: stable@freebsd.org Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (vergina.eng.auth.gr [192.168.18.7]); Fri, 02 Mar 2012 18:17:36 +0200 (EET) Cc: Subject: RE: audit in jail X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Mar 2012 16:17:38 -0000 Ah! And one more thing with respect to this issue. Since I realized that probably I won't be able to run audit within a jail, I tried to continue with my work from outside the jail. What I need is to audit some system users (like www) inside my jails and do stuff with their audit trails. In order to be able to audit www's actions, I downloaded setaudit from http://www.freebsd.org/~csjp/setaudit.c which allows this functionality. setaudit works fine from outside my jails, but when I run it from within a jail, I get the following error again: [root@in-jail] # setaudit -awww -mfr /bin/ls setaudit: setaudit_addr: Function not implemented Is there, at least, some easy/secure/not-whole-system-configuration-changing way to start apache from within a jail to be able to audit his actions from outside the jail? Thank you all in advance, once more. -- George Mamalakis IT and Security Officer Electrical and Computer Engineer (Aristotle Un. of Thessaloniki), MSc (Imperial College of London) Department of Electrical and Computer Engineering Faculty of Engineering Aristotle University of Thessaloniki phone number : +30 (2310) 994379