Date:      Fri, 15 Dec 2006 00:47:24 +0000
From:      Hugo Silva <hugo@barafranca.com>
To:        freebsd-questions@freebsd.org
Subject:   OpenBSM on 6.2-RC1
Message-ID:  <4581F09C.1070205@barafranca.com>

Hi list,

I'm experimenting with OpenBSM and I'm stuck on something. I've read the 
manpages and the handbook section related to it, so either I'm missing 
something obvious, or it doesn't work properly yet.

audit_control (relevant part):
flags:+all,-all:no
naflags:lo

audit_user:
username:+all,-all:no

I had fm,fd on my username as a test, for chmod and trying to remove 
files. These don't get logged at all. The only thing I've seen through 
praudit is su'ing to root (which gets logged, regardless of whether I input 
the right password or not). The expected result (at least from my basic 
knowledge of OpenBSM's syntax, I've been around this for a few hours 
only) would be logging every success and every failure from my username.

I am not using console logins, this is over SSH. I'm not sure if they're 
related.

The only way I could make OpenBSM log any more than su'ing up was to 
change naflags to all.

According to 
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit-config.html, 


"The naflags option specifies audit classes to be audited for 
non-attributed events, such as the login process and system daemons."


So the only thing that could be happening based on my limited knowledge 
of this software, is that somehow it cannot distinguish usernames on SSH 
connections. This seems odd, to say the least, so I'm resorting to the 
list, in the hopes that someone can point me in the right direction.

Hugo


