Date: Wed, 25 Jul 2012 22:29:59 +0200
From: Damien Fleuriot <ml@my.gd>
To: jb <jb.1234abcd@gmail.com>
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: Securituy - logging of user commands
Message-ID: <9AF63C5D-D3C1-4E70-A1FB-3EC54FCFE90E@my.gd>
In-Reply-To: <loom.20120725T180820-933@post.gmane.org>
References: <500FDCE4.8060607@my.gd> <loom.20120725T143820-718@post.gmane.org> <500FF037.4020302@my.gd> <loom.20120725T180820-933@post.gmane.org>

On 25 Jul 2012, at 18:15, jb <jb.1234abcd@gmail.com> wrote:

> Damien Fleuriot <ml <at> my.gd> writes:
>
>> ...
>>> From my syslog.conf:
>> auth.info;authpriv.info /var/log/auth.log
>>
>> Yet I'm seeing not a trail in /var/log/auth.log , or messages, or even
>> in secure
>> ...
>
> # less /var/log/auth.log
> Feb 22 21:13:56 localhost newsyslog[1503]: logfile first created
> Feb 22 21:14:07 localhost login: login on ttyv0 as jb
> Feb 22 21:14:15 localhost su: jb to root on /dev/ttyv0
> ...
> Jul 25 15:23:48 localhost su: jb to root on /dev/pts/3
> Jul 25 17:25:05 localhost snoopy[50059]: [uid:0 sid:45449 tty:/dev/pts/2
> cwd:/usr/ports/security/snoopy filename:/usr/bin/touch]: touch
> /etc/ld.so.preload
> Jul 25 17:25:05 localhost snoopy[50060]: [uid:0 sid:45449 tty:/dev/pts/2
> cwd:/usr/ports/security/snoopy filename:/usr/bin/grep]: grep -c
> ^/usr/local/lib//snoopy.so /etc/ld.so.preload
> Jul 25 17:52:29 localhost snoopy[50145]: [uid:0 sid:46687 tty:/dev/pts/3
> cwd:/usr/home/jb filename:/usr/bin/less]: less /var/log/auth.log
> Jul 25 17:54:03 localhost snoopy[50148]: [uid:0 sid:46687 tty:/dev/pts/3
> cwd:/usr/home/jb filename:/usr/bin/touch]: touch test1
> Jul 25 17:54:08 localhost snoopy[50149]: [uid:0 sid:46687 tty:/dev/pts/3
> cwd:/usr/home/jb filename:/usr/bin/less]: less /var/log/auth.log
> [root@localhost /home/jb]#
>
> jb
>

Thanks for taking the time to show me it works, at least for you.
What fbsd and snoopy version might these be?