Re: auditing users within a jail

2018-03-17 Thread Mateusz Piotrowski
On Sat, 17 Mar 2018 04:48:52 -0700 Eitan Adler wrote: >On 14 March 2018 at 06:13, Mateusz Piotrowski <0...@freebsd.org> wrote: >> On Sun, 11 Mar 2018 22:17:47 -0500 >> Christian Peron wrote: >> >>>However, it is possible for processes in jails to produce audit >>>records. The processes just ne

Re: auditing users within a jail

2018-03-17 Thread Eitan Adler
On 14 March 2018 at 06:13, Mateusz Piotrowski <0...@freebsd.org> wrote: > On Sun, 11 Mar 2018 22:17:47 -0500 > Christian Peron wrote: > >>However, it is possible for processes in jails to produce audit >>records. The processes just need an audit mask. Since audit masks >>(configurations) are inher

Re: auditing users within a jail

2018-03-14 Thread Mateusz Piotrowski
On Sun, 11 Mar 2018 22:17:47 -0500 Christian Peron wrote: >However, it is possible for processes in jails to produce audit >records. The processes just need an audit mask. Since audit masks >(configurations) are inherited across forks, you could set a global >audit configuration for the jail usin

Re: auditing users within a jail

2018-03-12 Thread Big Lebowski
On Mon, Mar 12, 2018 at 3:17 AM, Christian Peron wrote: > Hi Eitan, > > IIRC the short version is the audit related syscalls are currently > disabled in > jails. This means that a jailed process can not set audit configurations > for > themselves (or child processes). This also means things lik

Re: auditing users within a jail

2018-03-12 Thread Christian Peron
Hi Eitan, IIRC the short version is the audit related syscalls are currently disabled in jails. This means that a jailed process can not set audit configurations for themselves (or child processes). This also means things like auditd(8) won't work. However, it is possible for processes in jails

auditing users within a jail

2018-03-11 Thread Eitan Adler
Hi all, I am fairly new to using the auditd framework. I'd like to set up some basic auditing for one of my FreeBSD boxes. The setup is fairly simple: - host - has "eax" and "root" - bastion jail - has "bastion" and "root" I have the following audit_user file: root:lo:no,ad:no,aa,+fd,+ex basti