From owner-freebsd-audit@FreeBSD.ORG Thu Feb 21 12:48:59 2008
Message-ID: <47BD7337.2020503@gmail.com>
Date: Thu, 21 Feb 2008 15:48:55 +0300
From: sam
To: Robert Watson
In-Reply-To: <20070828175313.B90180@fledge.watson.org>
Cc: freebsd-hackers@freebsd.org, trustedbsd-audit@FreeBSD.org, freebsd-audit@freebsd.org
Subject: OpenBSM & Jails
List-Id: FreeBSD Security Audit

Hello,

I am using OpenBSM on a system with jails.

Part of praudit output / action: write file in jail
--------------------------------------------------
header,176,10,open(2) - write,creat,trunc,0,Thu Feb 21 13:45:06 2008, + 501 msec,argument,3,0x81ed,mode,argument,2,0x601,flags,path,//site/svn/dev.lineage2.dom/pamm/hooks/post-commit,attribute,755,www,www,88,800911,3234053,subject,lynx,root,wheel,root,wheel,44680,44668,56876,10.15.1.116,return,success,4,trailer,176,
--------------------------------------------------

Please add jail identification to the output (cat /dev/auditpipe | praudit -lp).

/Vladimir Ermakov