Date: Wed, 27 Feb 2008 19:17:43 +0000 (GMT) From: Robert Watson <rwatson@FreeBSD.org> To: sam <samflanker@gmail.com> Cc: freebsd-hackers@freebsd.org, trustedbsd-audit@FreeBSD.org, csjp@FreeBSD.org, freebsd-audit@freebsd.org Subject: Re: OpenBSM & Jails Message-ID: <20080227191603.X17238@fledge.watson.org> In-Reply-To: <47BD7337.2020503@gmail.com> References: <46C55191.2050205@gmail.com> <20070821145603.L50579@fledge.watson.org> <46CAF217.7040204@gmail.com> <20070821151108.Y53914@fledge.watson.org> <46CAF4E9.2030700@gmail.com> <20070821152327.R53914@fledge.watson.org> <46CBE096.90805@gmail.com> <20070828175313.B90180@fledge.watson.org> <47BD7337.2020503@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 21 Feb 2008, sam wrote: > i am using OpenBSM on System with jails > > part of praudit output / action write file in jail > > -------------------------------------------------- > header,176,10,open(2) - write,creat,trunc,0,Thu Feb 21 13:45:06 2008, + 501 > msec,argument,3,0x81ed,mode,argument,2,0x601,flags,path,//site/svn/dev.lineage2.dom/pamm/hooks/post-commit,attribute,755,www,www,88,800911,3234053,subject,lynx,root,wheel,root,wheel,44680,44668,56876,10.15.1.116,return,success,4,trailer,176, > -------------------------------------------------- > > please add jail-identification in output (cat /dev/auditpipe | praudit -lp) Vladimir, I believe Christian has plans to use the Solaris "zone" BSM token to this end, as well as plans to enhance our support for hostid header fields so that when audit trails are aggregated from many sources, they can be processed with awareness of which source they came from. I've added him to the CC line, and he may be able to expand on this. Robert N M Watson Computer Laboratory University of Cambridge
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080227191603.X17238>