Hi list,
I'm experimenting with OpenBSM and I'm stuck on something. I've read the
manpages and the handbook section related to it, so either I'm missing
something obvious, or it doesn't work properly yet.
audit_control (relevant part):
flags:+all,-all:no
naflags:lo
audit_user:
username:+all,-all:no
I had fm,fd on my username as a test, for chmod and trying to remove
files. These don't get logged at all. The only thing I've seen thru
praudit is su'ing to root (which gets logged, regardless if I input the
right password or not). The expected result (at least from my basic
knowledge of OpenBSM's syntax, I've been around this for a few hours
only) would be logging every success and every failure from my username.
I am not using console logins, this is over SSH. I'm not sure if they're
related.
The only way I could make OpenBSM log any more than su'ing up was to
change naflags to all.
According to
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit-config.html,
"The naflags option specifies audit classes to be audited for
non-attributed events, such as the login process and system daemons."
So the only thing that could be happening based on my limited knowledge
of this software, is that somehow it cannot distinguish usernames on SSH
connections. This seems odd, to say the least, so I'm resorting to the
list, in the hopes that someone can point me in the right direction.
Hugo
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
