Date:      Thu, 2 Oct 2008 13:19:11 +0100 (BST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Attila Nagy <bra@fsn.hu>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Missing /dev/auditpipe
Message-ID:  <alpine.BSF.1.10.0810021317530.9076@fledge.watson.org>
In-Reply-To: <48DB7CA4.80609@fsn.hu>
References:  <48DB7CA4.80609@fsn.hu>



On Thu, 25 Sep 2008, Attila Nagy wrote:

> Running RELENG_7 (and HEAD too), and I can't find the auditpipe device. Is 
> there anything which should be set in order to make it useable?
>
> auditd runs and logs to /var/audit, which I can read with praudit.

(Following up to the list because Attila and I exchanged e-mail offline)

The problem here was that /dev/auditpipe is cloning, so it doesn't exist until 
you try to open it.  In FreeBSD 8.x, and possibly 7.2, we're moving to the new 
per-cdev private data so that /dev/auditpipe will always exist, supporting 
multiple sessions, and there won't be a series of dynamically created devices, 
but that's not ready to hit a release yet.

Robert N M Watson
Computer Laboratory
University of Cambridge


