To: freebsd-questions@freebsd.org
From: jb
Date: Thu, 26 Jul 2012 20:27:20 +0000 (UTC)
Subject: Re: Security - logging of user commands
References: <500FDCE4.8060607@my.gd> <500FF037.4020302@my.gd> <50111AB1.7060205@my.gd>

Damien Fleuriot my.gd> writes:

> ...
> Might anyone confirm the issue ?
>
> The above is true for 8.1-RELEASE, 8-STABLE , 9-STABLE with snoopy being
> at version 1.8.0 on all of them.

$ uname -r
9.0-RELEASE-p3

$ man ldconfig
...
     Filenames must conform to the lib*.so.[0-9] pattern in order to be added
     to the hints file.
...
FILES
     /var/run/ld.so.hints        Standard hints file for the a.out dynamic
                                 linker.
     /var/run/ld-elf.so.hints    Standard hints file for the ELF dynamic
                                 linker.
     /etc/ld.so.conf             Conventional configuration file containing
                                 directory names for invocations with -aout.
     /etc/ld-elf.so.conf         Conventional configuration file containing
                                 directory names for invocations with -elf.
     /var/run/ld-elf32.so.hints
     /var/run/ld32.so.hints      Conventional configuration files containing
                                 directory names for invocations with -32.
     /etc/objformat              Determines whether -aout or -elf is the
                                 default.  If present, it must consist of a
                                 single line containing either
                                 `OBJFORMAT=aout' or `OBJFORMAT=elf'.
...
$
# ls -al /usr/local/lib/libsnoopy.so*
lrwxr-xr-x  1 root  wheel    14 Jul 26 20:43 /usr/local/lib/libsnoopy.so -> libsnoopy.so.1
-r-xr-xr-x  1 root  wheel  4824 Jul 26 20:07 /usr/local/lib/libsnoopy.so.1

$ grep ldconfig /etc/defaults/rc.conf
...
ldconfig_paths=... /usr/local/lib ...
...

# /etc/rc.d/ldconfig start
...
ldconfig_start()
...
        for i in ${ldconfig_paths} /etc/ld-elf.so.conf; do
                if [ -r "${i}" ]; then
                        _LDC="${_LDC} ${i}"
                fi
        done
        check_startmsgs && echo 'ELF ldconfig path:' ${_LDC}
        ${ldconfig} -elf ${_ins} ${_LDC}
...

$ ldconfig -r
/var/run/ld-elf.so.hints:
        search directories: /lib:/usr/lib:/usr/lib/compat:/usr/local/lib:/usr/local/lib/event2:/usr/local
/lib/gcc46:/usr/local/lib/graphviz:/usr/local/lib/libxul:/usr/local/lib/nss:
/usr/local/lib/pth:/usr/local/lib/qt4
        0:-lc.7 => /lib/libc.so.7
...
        465:-lsnoopy.1 => /usr/local/lib/libsnoopy.so.1
...
$
# man ldconfig
...
# tail /var/log/auth.log
...
Jul 26 22:12:38 localhost snoopy[5884]: [uid:0 sid:2957 tty:/dev/pts/2 cwd:/usr/local/lib filename:/sbin/sysctl]: /sbin/sysctl -n hw.machine_arch
Jul 26 22:12:38 localhost snoopy[5885]: [uid:0 sid:2957 tty:/dev/pts/2 cwd:/usr/local/lib filename:/sbin/sysctl]: /sbin/sysctl -n hw.machine
Jul 26 22:12:38 localhost snoopy[5886]: [uid:0 sid:2957 tty:/dev/pts/2 cwd:/usr/local/lib filename:/usr/bin/locale]: /usr/bin/locale
Jul 26 22:12:38 localhost snoopy[5889]: [uid:0 sid:2957 tty: cwd:/usr/local/lib filename:/usr/bin/head]: head -1
Jul 26 22:12:38 localhost snoopy[5888]: [uid:0 sid:2957 tty:/dev/pts/2 cwd:/usr/local/lib filename:/usr/bin/zcat]: /usr/bin/zcat /usr/share/man/man8/ldconfig.8.gz
Jul 26 22:12:38 localhost snoopy[5892]: [uid:0 sid:2957 tty: cwd:/usr/local/lib filename:/usr/bin/groff]: groff -S -P-h -Wall -mtty-char -man -Tascii -P-c
Jul 26 22:12:38 localhost snoopy[5891]: [uid:0 sid:2957 tty: cwd:/usr/local/lib filename:/usr/bin/tbl]: tbl
Jul 26 22:12:38 localhost snoopy[5890]: [uid:0 sid:2957 tty:/dev/pts/2 cwd:/usr/local/lib filename:/usr/bin/zcat]: /usr/bin/zcat /usr/share/man/man8/ldconfig.8.gz
Jul 26 22:12:38 localhost snoopy[5893]: [uid:0 sid:2957 tty: cwd:/usr/local/lib filename:/usr/bin/more]: more

# /etc/rc.d/named status
Cannot 'status' named. Set named_enable to YES in /etc/rc.conf or use 'onestatus' instead of 'status'.
# tail /var/log/auth.log
...
Jul 26 22:16:40 localhost snoopy[5917]: [uid:0 sid:2957 tty:/dev/pts/2 cwd:/usr/local/lib filename:/bin/ps]: /bin/ps -ww -p 5916 -o jid=
Jul 26 22:16:40 localhost snoopy[5919]: [uid:0 sid:2957 tty:/dev/pts/2 cwd:/usr/local/lib filename:/bin/ps]: /bin/ps -ww -o pid= -o jid= -o command= -ax
#

jb
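
Added example, not part of jb's message: a Python parser for snoopy entries in the layout shown in the auth.log excerpts above, grouping commands run as uid 0 by session id so one login's activity can be reviewed together. The function names are hypothetical, the field layout is inferred only from the quoted log lines, and the last two sample lines are constructed.

```python
import re
from collections import defaultdict

# Sample input: the first three lines are copied from the log excerpt in the
# message; the last two are constructed for this example.
SAMPLE = """\
Jul 26 22:12:38 localhost snoopy[5888]: [uid:0 sid:2957 tty:/dev/pts/2 cwd:/usr/local/lib filename:/usr/bin/zcat]: /usr/bin/zcat /usr/share/man/man8/ldconfig.8.gz
Jul 26 22:12:38 localhost snoopy[5893]: [uid:0 sid:2957 tty: cwd:/usr/local/lib filename:/usr/bin/more]: more
Jul 26 22:16:40 localhost snoopy[5917]: [uid:0 sid:2957 tty:/dev/pts/2 cwd:/usr/local/lib filename:/bin/ps]: /bin/ps -ww -p 5916 -o jid=
Jul 26 22:16:41 localhost sshd[6001]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2
Jul 26 22:17:02 localhost snoopy[6010]: [uid:1001 sid:3100 tty:/dev/pts/3 cwd:/home/alice filename:/bin/ls]: ls -la
"""

# Layout assumed from the excerpt:
#   <ts> <host> snoopy[<pid>]: [uid:N sid:N tty:T cwd:C filename:F]: <cmdline>
# tty may be empty (processes in a pipeline, as with head/tbl/more above).
# The fields are not escaped, so a cwd or filename containing " filename:"
# or "]: " would be split at the first occurrence.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssnoopy\[(?P<pid>\d+)\]:\s"
    r"\[uid:(?P<uid>\d+) sid:(?P<sid>\d+) tty:(?P<tty>\S*) cwd:(?P<cwd>.*?) "
    r"filename:(?P<filename>.*?)\]: (?P<cmdline>.*)$"
)


def parse_line(line):
    """Return a dict for a snoopy entry, or None for any other syslog line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("pid", "uid", "sid"):
        rec[key] = int(rec[key])
    rec["tty"] = rec["tty"] or None  # empty tty field -> None
    return rec


def root_commands_by_session(text):
    """Group (pid, tty, cmdline) of uid 0 commands by session id, in log order."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["uid"] == 0:
            sessions[rec["sid"]].append((rec["pid"], rec["tty"], rec["cmdline"]))
    return dict(sessions)


if __name__ == "__main__":
    for sid, cmds in root_commands_by_session(SAMPLE).items():
        for pid, tty, cmdline in cmds:
            print(f"sid={sid} pid={pid} tty={tty or '-'} {cmdline}")
```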