On 1/6/2013 5:25 PM, Patrick Proniewski wrote:
> On 06 janv. 2013, at 23:11, Mike Tancsa wrote:
>
>> But if I make a simple php script to try and connect out, again, pflog0
>> blocks it and logs it, but it does not show up in the audit logs
>>
>>
>> Any idea what I am missing ?
>
> I think auditd can catch events only for users that have logged in at least
> once. To audit Apache, I've had to install setaudit and launch httpd process
> by using setaudit with proper flags.
> I've modified my /usr/local/etc/rc.d/apache22 file, mainly changing the start
> command to start_cmd="apache22_auditstart" and adding the proper command
> definition:
> I'm then able to log audit events for Apache, according to flags I've set in
> apache22_auditflags.
>
Hi,
Thanks for the reply! Where can I find setaudit ?
---Mike
--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, [email protected]
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
