From owner-freebsd-questions@FreeBSD.ORG Wed Jul 25 16:15:35 2012
To: freebsd-questions@freebsd.org
From: jb
Date: Wed, 25 Jul 2012 16:15:16 +0000 (UTC)
References: <500FDCE4.8060607@my.gd> <500FF037.4020302@my.gd>
Subject: Re: Securituy - logging of user commands

Damien Fleuriot my.gd> writes:

> ...
> From my syslog.conf:
> auth.info;authpriv.info /var/log/auth.log
>
> Yet I'm seeing not a trail in /var/log/auth.log , or messages, or even
> in secure
> ...

# less /var/log/auth.log
Feb 22 21:13:56 localhost newsyslog[1503]: logfile first created
Feb 22 21:14:07 localhost login: login on ttyv0 as jb
Feb 22 21:14:15 localhost su: jb to root on /dev/ttyv0
...
Jul 25 15:23:48 localhost su: jb to root on /dev/pts/3
Jul 25 17:25:05 localhost snoopy[50059]: [uid:0 sid:45449 tty:/dev/pts/2 cwd:/usr/ports/security/snoopy filename:/usr/bin/touch]: touch /etc/ld.so.preload
Jul 25 17:25:05 localhost snoopy[50060]: [uid:0 sid:45449 tty:/dev/pts/2 cwd:/usr/ports/security/snoopy filename:/usr/bin/grep]: grep -c ^/usr/local/lib//snoopy.so /etc/ld.so.preload
Jul 25 17:52:29 localhost snoopy[50145]: [uid:0 sid:46687 tty:/dev/pts/3 cwd:/usr/home/jb filename:/usr/bin/less]: less /var/log/auth.log
Jul 25 17:54:03 localhost snoopy[50148]: [uid:0 sid:46687 tty:/dev/pts/3 cwd:/usr/home/jb filename:/usr/bin/touch]: touch test1
Jul 25 17:54:08 localhost snoopy[50149]: [uid:0 sid:46687 tty:/dev/pts/3 cwd:/usr/home/jb filename:/usr/bin/less]: less /var/log/auth.log
[root@localhost /home/jb]#

jb
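
Added example, not part of jb's message and not code from snoopy: a Python parser for the snoopy record layout visible in the auth.log excerpt above, which groups logged commands by session and lists records that name a watched file. The function names and the WATCHED list are assumptions made for illustration.

```python
import re

# Record layout as it appears in the auth.log excerpt above:
# "<date> <host> snoopy[pid]: [uid:N sid:N tty:T cwd:D filename:F]: <command line>"
SNOOPY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) snoopy\[(?P<pid>\d+)\]: "
    r"\[uid:(?P<uid>\d+) sid:(?P<sid>\d+) tty:(?P<tty>\S+) "
    r"cwd:(?P<cwd>.*?) filename:(?P<filename>.*?)\]: (?P<cmd>.*)$"
)
# Hypothetical watch list: files whose appearance in a logged command deserves review.
WATCHED = ("/etc/ld.so.preload", "/etc/syslog.conf")

def parse_snoopy(line):
    """Return the fields of a snoopy record, or None for any other auth.log line."""
    m = SNOOPY_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    for key in ("pid", "uid", "sid"):
        rec[key] = int(rec[key])
    return rec

def sessions(lines):
    """Group command lines by (uid, sid, tty) so each session reads as one trail."""
    trail = {}
    for rec in filter(None, map(parse_snoopy, lines)):
        trail.setdefault((rec["uid"], rec["sid"], rec["tty"]), []).append(rec["cmd"])
    return trail

def touches_watched(lines):
    """Records whose command line names a watched file as one of its arguments."""
    recs = filter(None, map(parse_snoopy, lines))
    return [r for r in recs if any(w in r["cmd"].split() for w in WATCHED)]

# Lines copied from the auth.log excerpt in the message above.
SAMPLE = [
    "Jul 25 15:23:48 localhost su: jb to root on /dev/pts/3",
    "Jul 25 17:25:05 localhost snoopy[50059]: [uid:0 sid:45449 tty:/dev/pts/2 cwd:/usr/ports/security/snoopy filename:/usr/bin/touch]: touch /etc/ld.so.preload",
    "Jul 25 17:25:05 localhost snoopy[50060]: [uid:0 sid:45449 tty:/dev/pts/2 cwd:/usr/ports/security/snoopy filename:/usr/bin/grep]: grep -c ^/usr/local/lib//snoopy.so /etc/ld.so.preload",
    "Jul 25 17:52:29 localhost snoopy[50145]: [uid:0 sid:46687 tty:/dev/pts/3 cwd:/usr/home/jb filename:/usr/bin/less]: less /var/log/auth.log",
    "Jul 25 17:54:03 localhost snoopy[50148]: [uid:0 sid:46687 tty:/dev/pts/3 cwd:/usr/home/jb filename:/usr/bin/touch]: touch test1",
]

if __name__ == "__main__":
    for key, cmds in sessions(SAMPLE).items():
        print(key, cmds)
    for r in touches_watched(SAMPLE):
        print("watched:", r["ts"], r["cmd"])
```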