Date: Tue, 25 Jan 2005 13:12:15 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 69704 for review Message-ID: <200501251312.j0PDCFjI047262@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=69704 Change 69704 by rwatson@rwatson_tislabs on 2005/01/25 13:11:13 Change behavior of the default audit_warn(5) script: submit messages via syslog rather than directly appending to /etc/security/audit_messages. Affected files ... .. //depot/projects/trustedbsd/audit3/contrib/bsm/etc/audit_warn#2 edit .. //depot/projects/trustedbsd/audit3/contrib/bsm/man/audit_warn.5#3 edit Differences ... ==== //depot/projects/trustedbsd/audit3/contrib/bsm/etc/audit_warn#2 (text+ko) ==== @@ -1,3 +1,2 @@ #!/bin/sh -TIME=$(date "+%h %d %H:%M:%S") -echo "$TIME audit warning: $@" >> /etc/security/audit_messages +logger -p security.warning "audit warning: $@" ==== //depot/projects/trustedbsd/audit3/contrib/bsm/man/audit_warn.5#3 (text+ko) ==== @@ -38,16 +38,20 @@ .Pp The default .Nm -is a script whose first parameter is the type of warning; the script -appends its arguments to -.Pa /etc/security/audit_messages . +is a script whose first parameter is the type of warning; the script submits +a log message via +.Xr logger 1 +of facility +.Ar security +and level +.Ar warning . Administrators may replace this script: a more comprehensive one would take different actions based on the type of warning. For example, a low-space warning could result in an email message being sent to the administrator. .Sh FILES .Bl -tag -width "/etc/security/audit_warn" -compact .It Pa /etc/security/audit_warn -.It Pa /etc/security/audit_messages .El .Sh SEE ALSO +.Xr logger 1 .Xr auditd 8
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200501251312.j0PDCFjI047262>