Message-ID: <450E39B4.2000105@micom.mng.net>
Date: Mon, 18 Sep 2006 15:16:20 +0900
From: Ganbold
To: Robert Watson
Cc: Joerg Pernfuss, stable@FreeBSD.org, Cristiano Deana
Subject: Re: Problems with auditd -- resolved
References: <20060917091750.T74654@fledge.watson.org>
In-Reply-To: <20060917091750.T74654@fledge.watson.org>
List-Id: Production branch of FreeBSD source code

Robert Watson wrote:
>
> Dear all,
>
> I've just committed a fix to syscalls.master and regenerated the
> remaining system call files, which should correct the auditctl:
> Invalid Argument error being returned by auditd.  In short order, this
> fix should be on the cvsup mirrors -- please let me know if it
> resolves the problem you were experiencing.

Hi,

After installing and running auditd I don't see any log files for auditd:

daemon# ls -l /var/audit/
total 0
-r--r-----  1 root  audit  0 Sep 18 14:23 20060918052316.20060918060339
-r--r-----  1 root  audit  0 Sep 18 15:03 20060918060339.not_terminated

I have custom /etc/security/audit_control and audit_user files.

daemon# more /etc/security/audit_control
#
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#3 $
# $FreeBSD: src/contrib/openbsm/etc/audit_control,v 1.2.2.1 2006/09/02 10:46:00 rwatson Exp $
#
dir:/var/audit
flags:all
minfree:20
naflags:lo

#
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_user#3 $
# $FreeBSD: src/contrib/openbsm/etc/audit_user,v 1.2.2.1 2006/09/02 10:46:00 rwatson Exp $
#
#root:lo:no
root:all:no

I'm a bit confused here. I thought auditd should log all activities, but
I don't see any log files. Am I doing something wrong here, or is my
understanding regarding auditd wrong?

thanks in advance,

Ganbold

>
> Thanks,
>
> Robert N M Watson
> Computer Laboratory
> University of Cambridge