Date: Fri, 02 Mar 2012 18:49:49 +0200 From: George Mamalakis <mamalos@eng.auth.gr> To: freebsd-stable@freebsd.org Subject: Re: audit in jail Message-ID: <4F50FA2D.9020801@eng.auth.gr> In-Reply-To: <4F50F2A0.40401@eng.auth.gr> References: <4F50F2A0.40401@eng.auth.gr>
next in thread | previous in thread | raw e-mail | index | archive | help
On 03/02/12 18:17, George Mamalakis wrote: > Ah! > > And one more thing with respect to this issue. Since I realized that > probably I won't be able to run audit within a jail, I tried to > continue with my work from outside the jail. What I need is to audit > some system users (like www) inside my jails and do stuff with their > audit trails. In order to be able to audit www's actions, I downloaded > setaudit from http://www.freebsd.org/~csjp/setaudit.c which allows > this functionality. setaudit works fine from outside my jails, but > when I run it from within a jail, I get the following error again: > > [root@in-jail] # setaudit -awww -mfr /bin/ls > setaudit: setaudit_addr: Function not implemented > > Is there, at least, some > easy/secure/not-whole-system-configuration-changing way to start > apache from within a jail to be able to audit his actions from outside > the jail? > > Thank you all in advance, once more. > OK, found it! I am running: [root@out-of-jail] setaudit -awww -m fr,fw,fa,fm,fc,fd,cl jexec 6 /usr/local/bin/sudo -u www /usr/local/sbin/apachectl startssl from outside the jails and it works like a charm! Nasty, but at least it's working... Thank you all anyway! -- George Mamalakis IT and Security Officer Electrical and Computer Engineer (Aristotle Un. of Thessaloniki), MSc (Imperial College of London) Department of Electrical and Computer Engineering Faculty of Engineering Aristotle University of Thessaloniki phone number : +30 (2310) 994379
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F50FA2D.9020801>