OpenBSM: does somebody work on it?
Lev Serebryakov
lev at FreeBSD.org
Wed Jun 29 10:59:21 UTC 2011
Hello, Freebsd-security.
I'm trying to use audit, and has some problems. First one is
impossiblity to create custom event class, and second one I hit is
with auditreduce(1)
auditreduce doesn't filter events by date (-b/-a/-d options with any
arguments produces empty output), it doesn't merge files properly and
doesn't pick up files automagically, as Solaris' one does. It doesn't
have -C/-M/-O functionality of Solaris' one, too. So, proper merging
of audit trial files seems to be impossible :(
I could try to fix & extend auditreduce(1), but does somebdy but me
need it?
Does somebody use audit on FreeBSD on production systems?
--
// Black Lion AKA Lev Serebryakov <lev at FreeBSD.org>
More information about the freebsd-security
mailing list