Re: auditing users within a jail

[Eitan Adler]

On 14 March 2018 at 06:13, Mateusz Piotrowski <0...@freebsd.org> wrote:
> On Sun, 11 Mar 2018 22:17:47 -0500
> Christian Peron  wrote:
>
>>However, it is possible for processes in jails to produce audit
>>records. The processes just need an audit mask. Since audit masks
>>(configurations) are inherited across forks, you could set a global
>>audit configuration for the jail using the following tool (or
>>something like it):
>>
>>https://github.com/csjayp/setaudit (I just dropped it on to github)
>
> FYI, I'll submit a new setaudit port if Christian decides to pull in my
> enhancements.

We chatted a bit offline, but thanks for the info! That was really helpful.



-- 
Eitan Adler
___
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"

Re: auditing users within a jail

[Mateusz Piotrowski]

On Sat, 17 Mar 2018 04:48:52 -0700
Eitan Adler  wrote:

>On 14 March 2018 at 06:13, Mateusz Piotrowski <0...@freebsd.org> wrote:
>> On Sun, 11 Mar 2018 22:17:47 -0500
>> Christian Peron  wrote:
>>  
>>>However, it is possible for processes in jails to produce audit
>>>records. The processes just need an audit mask. Since audit masks
>>>(configurations) are inherited across forks, you could set a global
>>>audit configuration for the jail using the following tool (or
>>>something like it):
>>>
>>>https://github.com/csjayp/setaudit (I just dropped it on to github)  
>>
>> FYI, I'll submit a new setaudit port if Christian decides to pull in
>> my enhancements.  
>
>We chatted a bit offline, but thanks for the info! That was really
>helpful.

:)

BTW, the new port is already waiting on Bugzilla:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226627
___
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"