Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 25 Jul 2012 16:15:16 +0000 (UTC)
From:      jb <jb.1234abcd@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Securituy - logging of user commands
Message-ID:  <loom.20120725T180820-933@post.gmane.org>
References:  <500FDCE4.8060607@my.gd> <loom.20120725T143820-718@post.gmane.org> <500FF037.4020302@my.gd>

next in thread | previous in thread | raw e-mail | index | archive | help
Damien Fleuriot <ml <at> my.gd> writes:

> ... 
> >From my syslog.conf:
> auth.info;authpriv.info                         /var/log/auth.log
> 
> Yet I'm seeing not a trail in /var/log/auth.log , or messages, or even
> in secure
> ... 

# less /var/log/auth.log 
Feb 22 21:13:56 localhost newsyslog[1503]: logfile first created
Feb 22 21:14:07 localhost login: login on ttyv0 as jb
Feb 22 21:14:15 localhost su: jb to root on /dev/ttyv0
...
Jul 25 15:23:48 localhost su: jb to root on /dev/pts/3
Jul 25 17:25:05 localhost snoopy[50059]: [uid:0 sid:45449 tty:/dev/pts/2
cwd:/usr/ports/security/snoopy filename:/usr/bin/touch]: touch 
/etc/ld.so.preload 
Jul 25 17:25:05 localhost snoopy[50060]: [uid:0 sid:45449 tty:/dev/pts/2
cwd:/usr/ports/security/snoopy filename:/usr/bin/grep]: grep -c
^/usr/local/lib//snoopy.so /etc/ld.so.preload 
Jul 25 17:52:29 localhost snoopy[50145]: [uid:0 sid:46687 tty:/dev/pts/3
cwd:/usr/home/jb filename:/usr/bin/less]: less /var/log/auth.log 
Jul 25 17:54:03 localhost snoopy[50148]: [uid:0 sid:46687 tty:/dev/pts/3
cwd:/usr/home/jb filename:/usr/bin/touch]: touch test1 
Jul 25 17:54:08 localhost snoopy[50149]: [uid:0 sid:46687 tty:/dev/pts/3
cwd:/usr/home/jb filename:/usr/bin/less]: less /var/log/auth.log 
[root@localhost /home/jb]#

jb





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?loom.20120725T180820-933>