From owner-freebsd-security@FreeBSD.ORG Mon Jun 22 10:27:31 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3CF81106566C for ; Mon, 22 Jun 2009 10:27:31 +0000 (UTC) (envelope-from bra@fsn.hu) Received: from people.fsn.hu (people.fsn.hu [195.228.252.137]) by mx1.freebsd.org (Postfix) with ESMTP id 0180A8FC16 for ; Mon, 22 Jun 2009 10:27:30 +0000 (UTC) (envelope-from bra@fsn.hu) Message-ID: <4A3F5820.9050602@fsn.hu> Date: Mon, 22 Jun 2009 12:08:32 +0200 From: Attila Nagy User-Agent: Thunderbird 2.0.0.21 (X11/20090318) MIME-Version: 1.0 To: freebsd-security@freebsd.org X-Stationery: 0.4.9 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0.1 (people.fsn.hu [0.0.0.0]); Mon, 22 Jun 2009 12:08:33 +0200 (CEST) Subject: Auditing daemons with BSM X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Jun 2009 10:27:31 -0000 Hello, I would like to audit(4) local daemons, started with rc.d scripts during the bootup sequence. I've set up audit_user and _control and when I log in with the username, it works just fine, but for the already started programs, audit doesn't produce anything. What's the preferred (I hope it's possible without any hacks) way of doing this? Thanks,