Security - logging of user commands

jb jb.1234abcd at gmail.com
Wed Jul 25 16:15:35 UTC 2012


Damien Fleuriot <ml <at> my.gd> writes:

> ... 
> From my syslog.conf:
> auth.info;authpriv.info                         /var/log/auth.log
> 
> Yet I'm seeing not a trail in /var/log/auth.log , or messages, or even
> in secure
> ... 

# less /var/log/auth.log 
Feb 22 21:13:56 localhost newsyslog[1503]: logfile first created
Feb 22 21:14:07 localhost login: login on ttyv0 as jb
Feb 22 21:14:15 localhost su: jb to root on /dev/ttyv0
...
Jul 25 15:23:48 localhost su: jb to root on /dev/pts/3
Jul 25 17:25:05 localhost snoopy[50059]: [uid:0 sid:45449 tty:/dev/pts/2 cwd:/usr/ports/security/snoopy filename:/usr/bin/touch]: touch /etc/ld.so.preload
Jul 25 17:25:05 localhost snoopy[50060]: [uid:0 sid:45449 tty:/dev/pts/2 cwd:/usr/ports/security/snoopy filename:/usr/bin/grep]: grep -c ^/usr/local/lib//snoopy.so /etc/ld.so.preload
Jul 25 17:52:29 localhost snoopy[50145]: [uid:0 sid:46687 tty:/dev/pts/3 cwd:/usr/home/jb filename:/usr/bin/less]: less /var/log/auth.log
Jul 25 17:54:03 localhost snoopy[50148]: [uid:0 sid:46687 tty:/dev/pts/3 cwd:/usr/home/jb filename:/usr/bin/touch]: touch test1
Jul 25 17:54:08 localhost snoopy[50149]: [uid:0 sid:46687 tty:/dev/pts/3 cwd:/usr/home/jb filename:/usr/bin/less]: less /var/log/auth.log
[root@localhost /home/jb]#

jb
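
Added example (not part of the original post, and not snoopy's own code): a Python parser for the snoopy record layout visible in the auth.log excerpt above. It rejoins records that were line-wrapped in transit and lists commands that name /etc/ld.so.preload, the file snoopy is loaded through. SAMPLE is constructed from lines in the post; the function names are illustrative.

```python
import re

# Layout taken from the snoopy lines in the post:
# "<Mon DD HH:MM:SS> <host> snoopy[<pid>]: [uid:.. sid:.. tty:.. cwd:.. filename:..]: <cmd>"
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
SNOOPY = re.compile(
    r"^(?P<time>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"snoopy\[(?P<pid>\d+)\]: \[uid:(?P<uid>\d+) sid:(?P<sid>\d+) "
    r"tty:(?P<tty>\S+) cwd:(?P<cwd>.*?) filename:(?P<filename>.*?)\]: ?(?P<cmd>.*)$"
)

# Constructed sample: lines from the post, wrapped the way a mail client wraps them.
SAMPLE = """\
Jul 25 15:23:48 localhost su: jb to root on /dev/pts/3
Jul 25 17:25:05 localhost snoopy[50059]: [uid:0 sid:45449 tty:/dev/pts/2
cwd:/usr/ports/security/snoopy filename:/usr/bin/touch]: touch
/etc/ld.so.preload
Jul 25 17:54:03 localhost snoopy[50148]: [uid:0 sid:46687 tty:/dev/pts/3
cwd:/usr/home/jb filename:/usr/bin/touch]: touch test1
"""

def unwrap(text):
    """Rejoin wrapped records: a non-empty line without a leading syslog
    timestamp is treated as a continuation of the previous record."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def parse_snoopy(text):
    """Return one dict per snoopy record; other auth.log lines are skipped."""
    events = []
    for record in unwrap(text):
        m = SNOOPY.match(record)
        if m:
            event = m.groupdict()
            for key in ("pid", "uid", "sid"):
                event[key] = int(event[key])
            events.append(event)
    return events

def preload_touches(events, path="/etc/ld.so.preload"):
    """Logged commands with an argument naming the preload file."""
    return [e for e in events if path in e["cmd"].split()]
```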




More information about the freebsd-questions mailing list