Date: Mon, 15 Oct 2001 02:59:55 -0700 From: "Crist J. Clark" <cristjc@earthlink.net> To: "Ilmar S. Habibulin" <ilmar@watson.org> Cc: Kris Kennaway <kris@obsecurity.org>, Maxim Sobolev <sobomax@FreeBSD.ORG>, kris@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: Recent major changes in the NetBSD audit system Message-ID: <20011015025955.O309@blossom.cjclark.org> In-Reply-To: <Pine.BSF.3.96.1011015041913.91974B-100000@fledge.watson.org>; from ilmar@watson.org on Mon, Oct 15, 2001 at 04:19:59AM -0400 References: <20011013151002.B74378@xor.obsecurity.org> <Pine.BSF.3.96.1011015041913.91974B-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Oct 15, 2001 at 04:19:59AM -0400, Ilmar S. Habibulin wrote: > > > On Sat, 13 Oct 2001, Kris Kennaway wrote: > > > > FYI: http://www.netbsd.org/Changes/#audit-011013 > > Looks cool. Anyone want to port it over? > I think it should be review as part of TrustedBSD audit subsystem. It's not _that_ kind of audit system. From reading the commit messages, it looks like this NetBSD "audit" mechanism is just about making something like the present FreeBSD /etc/security script except much more configurable. It watches for changes in specific files and mails you a diff when it notices a change. (That's what I glean from the commit message.) It's not "auditing" in the sense that most security people use it. BTW, what ever happened to breaking up /etc/security into something like a periodic(8) format? Is someone still working on that? Maybe this NetBSD thingie can be imported as part of/in spite of that. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011015025955.O309>