Date: Wed, 25 Jul 2012 14:04:04 +0200 From: Peter Boosten <peter@boosten.org> To: Damien Fleuriot <ml@my.gd> Cc: "freebsd-questions@FreeBSD.org" <freebsd-questions@FreeBSD.org> Subject: Re: Securituy - logging of user commands Message-ID: <FAD52607-4596-4F07-BC04-9C975EA7399C@boosten.org> In-Reply-To: <500FDCE4.8060607@my.gd> References: <500FDCE4.8060607@my.gd>
Have you ever considered the audit function of FreeBSD?

Peter Boosten

On 25 jul. 2012, at 13:47, Damien Fleuriot <ml@my.gd> wrote:

> Hello list,
>
> We're currently working towards the PCI DSS certification (Payment Card
> Industry) for a project at work.
>
> One of the prerequisites is that all user commands be logged.
>
> We're currently using a very bad hack that takes the last command from a
> user's history and sends it to a log server.
>
> This of course is unreliable as a user may entirely disable their
> history, or just use another shell to bypass the csh function or whatever.
>
> My colleagues installed Snoopy on debian and it seems to work wonders as
> a module which is LD preloaded.
>
> I notice it also exists on FreeBSD as /usr/ports/security/snoopy .
>
> However I face several problems with it, mainly it doesn't seem to log
> anything.
>
> As per the README, I have added "/usr/local/lib/snoopy.so" to
> /etc/ld.so.preload
>
> I'm not even sure this file is used on BSD ?
>
> As per the man page for ld.so there's no such file:
> http://www.freebsd.org/cgi/man.cgi?query=ld.so
>
> Neither libmap.conf nor ldconfig(8) seem to be the answer either.
>
> I've googled for ld.so.conf and found the following 2 posts which seem
> to indicate it isn't used either:
> http://lists.freebsd.org/pipermail/freebsd-hackers/2003-June/001746.html
> http://lists.freebsd.org/pipermail/freebsd-hackers/2003-June/001747.html
>
> The posts mention -current but date back from 2003.
>
> Lastly, I have also noticed that the port installs /usr/local/bin/detect
> which I executed and would always reply "something's fishy".
>
> By looking at the (very short) source I noticed the program merely loads
> /lib/libc.so.6 , and it wouldn't find it on my system (8.3-STABLE with
> /lib/libc.so.7).
>
> Adjusting and recompiling lets the program correctly print "secure" but
> it does nothing else.
>
> I have checked that the output /usr/local/lib/snoopy.so module is linked
> against libc.so.7 , and it is.
>
> Has anyone ever got Snoopy to work on BSD ?
> Might I need to install linux emulation ?
>
> Is there any other port that might do the job and which I could use ?
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
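Worked example of the audit route Peter points at, added by the editor and not code from either poster. FreeBSD's run-time linker reads the LD_PRELOAD environment variable and has no /etc/ld.so.preload, so a preload-based logger like snoopy is both hard to install system-wide and trivially unset by the user; the kernel audit subsystem records execve(2) itself and is not affected by which shell or history setting the user picks. The audit_control values, the sample praudit(1) records and the field positions used by the parser are assumptions constructed to match praudit's default comma-separated text layout; nothing in the block touches a real host.

```shell
#!/bin/sh
# Added example, not code from the thread. Shows (1) the audit_control
# lines that make the kernel log every exec with its arguments and (2) a
# reducer that turns praudit(1) text output into one line per command.

# 1. audit_control fragment (constructed). 'ex' is the exec audit class;
#    'argv' in policy makes the kernel record command arguments, not just
#    the executable path. On a real host this goes in
#    /etc/security/audit_control and auditd is enabled; not done here.
AUDIT_CONTROL_FRAGMENT='dir:/var/audit
flags:lo,ex
minfree:5
naflags:lo
policy:cnt,argv
filesz:2M'

# 2. Reduce praudit text output to one line per execve(2) record.
#    Token layout assumed (praudit default, comma separated):
#      header,<len>,<ver>,<event>,<mod>,<time>
#      exec arg,<argv0>,<argv1>,...
#      path,<executable>
#      subject,<audit-uid>,<euid>,<egid>,<ruid>,<rgid>,<pid>,<sid>,<tid>
#      return,<status>,<value>
#    The audit uid is fixed at login and survives su(1), so the output
#    still names the human even when euid is root.
audit_exec_lines() {
    awk -F, '
        $1 == "header"   { ev = $4; argv = ""; exe = ""; user = ""; euid = ""; pid = ""; res = "" }
        $1 == "exec arg" { argv = $0; sub(/^exec arg,/, "", argv) }
        $1 == "path" && exe == "" { exe = $2 }
        $1 == "subject"  { user = $2; euid = $3; pid = $7 }
        $1 == "return"   { res = $2 }
        $1 == "trailer" && ev == "execve(2)" {
            print "user=" user " euid=" euid " pid=" pid " exe=" exe " argv=" argv " result=" res
        }
    '
}

# Constructed praudit output: two execve records around an unrelated open(2).
SAMPLE_PRAUDIT='header,131,11,execve(2),0,Wed Jul 25 13:47:00 2012, + 12 msec
exec arg,ls,-la,/root
path,/bin/ls
attribute,100555,root,wheel,92,19,3893
subject,damien,root,wheel,root,wheel,4121,100,4121,0.0.0.0
return,success,0
trailer,131
header,90,11,open(2) - read,0,Wed Jul 25 13:47:01 2012, + 15 msec
path,/etc/passwd
subject,damien,damien,damien,damien,damien,4122,100,4122,0.0.0.0
return,success,4
trailer,90
header,120,11,execve(2),0,Wed Jul 25 13:47:05 2012, + 4 msec
exec arg,sh,-c,cat /etc/master.passwd
path,/bin/sh
subject,damien,root,wheel,root,wheel,4130,100,4130,0.0.0.0
return,failure : Permission denied,-1
trailer,120'

# Run over the constructed sample. On a FreeBSD host the input would be
# something like: auditreduce -m AUE_EXECVE /var/audit/* | praudit
printf '%s\n' "$SAMPLE_PRAUDIT" | audit_exec_lines
```

Two caveats a practitioner would check before calling this PCI-ready: without `argv` in `policy:` the trail contains only the executable path, so `sh -c '...'` would be logged as `/bin/sh` with no hint of what was run; and the trail files in /var/audit are local, so they still need shipping off-host (for example with `praudit` output fed to syslog) to meet the same goal the history hack was trying to reach.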