From owner-freebsd-questions@FreeBSD.ORG Wed Jul 25 13:45:31 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6173B106564A for ; Wed, 25 Jul 2012 13:45:31 +0000 (UTC) (envelope-from ml@my.gd) Received: from mail-ee0-f54.google.com (mail-ee0-f54.google.com [74.125.83.54]) by mx1.freebsd.org (Postfix) with ESMTP id E18298FC0A for ; Wed, 25 Jul 2012 13:45:30 +0000 (UTC) Received: by eeke52 with SMTP id e52so112053eek.13 for ; Wed, 25 Jul 2012 06:45:29 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding :x-gm-message-state; bh=bhYFSPiNqRQ6uudZ9wQzXoQ4iu6J/os9sY/aUlaWCVE=; b=jx7nAS6m2n57MiZim+w3TxFthVplGpdRTLRDuehpr0mz+742OFmufHWyjAdZW/SyqW zOxpPAPwOMVIwZvsn4y6eULsGWI2W7sb894qgmCVt9a54w18FruC4a5N6g2V1fHLZNth pxH/EotCSrcyw/cEt2UtwlX7e8ZvH+NKtvwMy2B4awAw1FIia79d1YpQgpcrPJNhmUYU IgKKz4oZcZkGPNzygHhaE7eBN8xzLXgQst44+N7KUkOVTNoQCeW+MP6b5Xvzalkc2JPD ww0Aq1WBIbP/+T1kNxf8PTrRfGRiUdwvQ1CnA5GczyNjnnBasbmUFsaivXDWuf9fjdmS CE/A== Received: by 10.14.177.3 with SMTP id c3mr595916eem.30.1343223929775; Wed, 25 Jul 2012 06:45:29 -0700 (PDT) Received: from dfleuriot-at-hi-media.com ([83.167.62.196]) by mx.google.com with ESMTPS id k48sm1831011eep.13.2012.07.25.06.45.28 (version=SSLv3 cipher=OTHER); Wed, 25 Jul 2012 06:45:28 -0700 (PDT) Message-ID: <500FF877.5070201@my.gd> Date: Wed, 25 Jul 2012 15:45:27 +0200 From: Damien Fleuriot User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:14.0) Gecko/20120713 Thunderbird/14.0 MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <500FDCE4.8060607@my.gd> <20120725134100.GA50199@admin.sibptus.tomsk.ru> In-Reply-To: <20120725134100.GA50199@admin.sibptus.tomsk.ru> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Gm-Message-State: ALoCoQlMjWCRMW69Izb6GT203PTme/TcDSjr0YEfLsYiiFdq/iP2EbHzdCBIc246bdjivF3uN3/c Subject: Re: Securituy - logging of user commands X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Jul 2012 13:45:31 -0000 On 7/25/12 3:41 PM, Victor Sudakov wrote: > Peter Boosten wrote: >> Have you ever considered the audit function of FreeBSD? > > Does it really log user commands? At best, it logs executed processes. > >From the handbook, it seems to be able to log executed commands and even arguments. That would suit the need. I've tried a bit, alas I'm afraid that for some reason, it won't log my commands as a user... I have to try a bit harder. Either way and back on topic, I'm concerned that the security/snoopy/ port might be broken. I have not yet seen a reply mentioning success, and have had none on my side on 8.1-RELEASE (admittedly, I could try on a more up-to-date system).