From owner-freebsd-stable@FreeBSD.ORG Fri Mar 2 17:02:59 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E51381065670 for ; Fri, 2 Mar 2012 17:02:59 +0000 (UTC) (envelope-from mamalos@eng.auth.gr) Received: from vergina.eng.auth.gr (vergina.eng.auth.gr [155.207.18.1]) by mx1.freebsd.org (Postfix) with ESMTP id 5252F8FC18 for ; Fri, 2 Mar 2012 17:02:58 +0000 (UTC) Received: from mamalacation.ee.auth.gr (mamalacation.ee.auth.gr [155.207.33.29]) (authenticated bits=0) by vergina.eng.auth.gr (8.14.4/8.14.3) with ESMTP id q22Gnmfx075730 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Fri, 2 Mar 2012 18:49:49 +0200 (EET) (envelope-from mamalos@eng.auth.gr) Message-ID: <4F50FA2D.9020801@eng.auth.gr> Date: Fri, 02 Mar 2012 18:49:49 +0200 From: George Mamalakis User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.2) Gecko/20120217 Thunderbird/10.0.2 MIME-Version: 1.0 To: freebsd-stable@freebsd.org References: <4F50F2A0.40401@eng.auth.gr> In-Reply-To: <4F50F2A0.40401@eng.auth.gr> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (vergina.eng.auth.gr [192.168.18.7]); Fri, 02 Mar 2012 18:49:49 +0200 (EET) Subject: Re: audit in jail X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Mar 2012 17:03:00 -0000 On 03/02/12 18:17, George Mamalakis wrote: > Ah! > > And one more thing with respect to this issue. Since I realized that > probably I won't be able to run audit within a jail, I tried to > continue with my work from outside the jail. What I need is to audit > some system users (like www) inside my jails and do stuff with their > audit trails. In order to be able to audit www's actions, I downloaded > setaudit from http://www.freebsd.org/~csjp/setaudit.c which allows > this functionality. setaudit works fine from outside my jails, but > when I run it from within a jail, I get the following error again: > > [root@in-jail] # setaudit -awww -mfr /bin/ls > setaudit: setaudit_addr: Function not implemented > > Is there, at least, some > easy/secure/not-whole-system-configuration-changing way to start > apache from within a jail to be able to audit his actions from outside > the jail? > > Thank you all in advance, once more. > OK, found it! I am running: [root@out-of-jail] setaudit -awww -m fr,fw,fa,fm,fc,fd,cl jexec 6 /usr/local/bin/sudo -u www /usr/local/sbin/apachectl startssl from outside the jails and it works like a charm! Nasty, but at least it's working... Thank you all anyway! -- George Mamalakis IT and Security Officer Electrical and Computer Engineer (Aristotle Un. of Thessaloniki), MSc (Imperial College of London) Department of Electrical and Computer Engineering Faculty of Engineering Aristotle University of Thessaloniki phone number : +30 (2310) 994379