On Mon, 18 Sep 2006, Ganbold wrote:

#
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_user#3 $
# $FreeBSD: src/contrib/openbsm/etc/audit_user,v 1.2.2.1 2006/09/02 10:46:00 rwatson Exp $
#
#root:lo:no
root:all:no

I'm a bit confused here. I thought auditd should log all activities, but I don't see any log files. Am I doing something wrong here, or is my understanding regarding auditd wrong?

Your configuration looks right to me, and should be generating a ridiculous number of audit records. Could you try rebooting and logging in again? audit_user entries take effect only as of login, similar to /etc/group settings, etc. How are you logging into the system?

On my local RELENG_6 system, with the recent auditctl(2) fix, I'm using the following global settings to audit programs run by authenticated users:

  dir:/var/audit
  flags:lo,+ex
  minfree:20
  naflags:lo

It seems to be working properly. User space login/logout auditing won't work in RELENG_6 until the MFC of Christian's recent tweaks to pipe preselection, which will occur in a few days (and hence should appear in BETA2).

Robert N M Watson
Computer Laboratory
University of Cambridge
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
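
Added example, not part of the original message or of OpenBSM: a small Python model of how the quoted audit_control flags and the audit_user entry combine into the preselection mask a session receives at login. It assumes the (flags + alwaysaudit) - neveraudit rule described in audit_user(5) and uses a constructed subset of audit classes; "alice" is a hypothetical user with no audit_user entry.

```python
# Added example: which (class, outcome) pairs are preselected for a user at login.
CLASSES = ("fr", "fw", "ad", "lo", "ex")  # constructed subset of audit_class

# Settings quoted in the message above.
AUDIT_CONTROL = """\
dir:/var/audit
flags:lo,+ex
minfree:20
naflags:lo
"""
AUDIT_USER = """\
#root:lo:no
root:all:no
"""

def records(text):
    """Yield the colon-separated fields of each non-comment, non-blank line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split(":")

def parse_flags(spec):
    """Turn a flag string such as 'lo,+ex' into a set of (class, outcome)."""
    selected = set()
    for item in filter(None, (s.strip() for s in spec.split(","))):
        outcomes = ("success", "failure")
        if item[0] in "+-":  # '+' audits success only, '-' failure only
            outcomes = ("success",) if item[0] == "+" else ("failure",)
            item = item[1:]
        names = {"all": CLASSES, "no": ()}.get(item, (item,))
        unknown = [n for n in names if n not in CLASSES]
        if unknown:
            raise ValueError(f"unknown audit class: {unknown[0]!r}")
        selected |= {(n, o) for n in names for o in outcomes}
    return selected

def login_mask(user, control=AUDIT_CONTROL, users=AUDIT_USER):
    """Mask fixed at login (assumed rule): (flags + alwaysaudit) - neveraudit."""
    settings = {f[0]: ":".join(f[1:]) for f in records(control)}
    mask = parse_flags(settings.get("flags", ""))
    for name, always, never in records(users):
        if name == user:
            mask = (mask | parse_flags(always)) - parse_flags(never)
    return mask

if __name__ == "__main__":
    for who in ("root", "alice"):  # "alice": hypothetical user with no entry
        print(who, sorted(login_mask(who)))
```

Because the mask is computed once at login, a session that was already open when audit_user was edited keeps the mask it started with.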