Security - logging of user commands
jb
jb.1234abcd at gmail.com
Thu Jul 26 20:28:32 UTC 2012
Damien Fleuriot <ml <at> my.gd> writes:
> ...
> Might anyone confirm the issue ?
>
> The above is true for 8.1-RELEASE, 8-STABLE, 9-STABLE with snoopy being
> at version 1.8.0 on all of them.
$ uname -r
9.0-RELEASE-p3
$ man ldconfig
...
Filenames must conform to the lib*.so.[0-9] pattern in order to
be added to the hints file.
...
FILES
/var/run/ld.so.hints Standard hints file for the a.out dynamic
linker.
/var/run/ld-elf.so.hints Standard hints file for the ELF dynamic
linker.
/etc/ld.so.conf Conventional configuration file containing
directory names for invocations with -aout.
/etc/ld-elf.so.conf Conventional configuration file containing
directory names for invocations with -elf.
/var/run/ld-elf32.so.hints
/var/run/ld32.so.hints Conventional configuration files containing
directory names for invocations with -32.
/etc/objformat Determines whether -aout or -elf is the
default. If present, it must consist of a
single line containing either
`OBJFORMAT=aout' or `OBJFORMAT=elf'.
...
$
# ls -al /usr/local/lib/libsnoopy.so*
lrwxr-xr-x 1 root wheel 14 Jul 26 20:43 /usr/local/lib/libsnoopy.so ->
libsnoopy.so.1
-r-xr-xr-x 1 root wheel 4824 Jul 26 20:07 /usr/local/lib/libsnoopy.so.1
$ grep ldconfig /etc/defaults/rc.conf
...
ldconfig_paths=... /usr/local/lib ...
...
# /etc/rc.d/ldconfig start
...
ldconfig_start()
...
for i in ${ldconfig_paths} /etc/ld-elf.so.conf; do
if [ -r "${i}" ]; then
_LDC="${_LDC} ${i}"
fi
done
check_startmsgs && echo 'ELF ldconfig path:' ${_LDC}
${ldconfig} -elf ${_ins} ${_LDC}
...
$ ldconfig -r
/var/run/ld-elf.so.hints:
search directories:
/lib:/usr/lib:/usr/lib/compat:/usr/local/lib:/usr/local/lib/event2:/usr/local
/lib/gcc46:/usr/local/lib/graphviz:/usr/local/lib/libxul:/usr/local/lib/nss:
/usr/local/lib/pth:/usr/local/lib/qt4
0:-lc.7 => /lib/libc.so.7
...
465:-lsnoopy.1 => /usr/local/lib/libsnoopy.so.1
...
$
# man ldconfig
...
# tail /var/log/auth.log
...
Jul 26 22:12:38 localhost snoopy[5884]: [uid:0 sid:2957 tty:/dev/pts/2
cwd:/usr/local/lib filename:/sbin/sysctl]: /sbin/sysctl -n hw.machine_arch
Jul 26 22:12:38 localhost snoopy[5885]: [uid:0 sid:2957 tty:/dev/pts/2
cwd:/usr/local/lib filename:/sbin/sysctl]: /sbin/sysctl -n hw.machine
Jul 26 22:12:38 localhost snoopy[5886]: [uid:0 sid:2957 tty:/dev/pts/2
cwd:/usr/local/lib filename:/usr/bin/locale]: /usr/bin/locale
Jul 26 22:12:38 localhost snoopy[5889]: [uid:0 sid:2957 tty: cwd:/usr/local/lib
filename:/usr/bin/head]: head -1
Jul 26 22:12:38 localhost snoopy[5888]: [uid:0 sid:2957 tty:/dev/pts/2
cwd:/usr/local/lib filename:/usr/bin/zcat]: /usr/bin/zcat
/usr/share/man/man8/ldconfig.8.gz
Jul 26 22:12:38 localhost snoopy[5892]: [uid:0 sid:2957 tty: cwd:/usr/local/lib
filename:/usr/bin/groff]: groff -S -P-h -Wall -mtty-char -man -Tascii -P-c
Jul 26 22:12:38 localhost snoopy[5891]: [uid:0 sid:2957 tty: cwd:/usr/local/lib
filename:/usr/bin/tbl]: tbl
Jul 26 22:12:38 localhost snoopy[5890]: [uid:0 sid:2957 tty:/dev/pts/2
cwd:/usr/local/lib filename:/usr/bin/zcat]: /usr/bin/zcat
/usr/share/man/man8/ldconfig.8.gz
Jul 26 22:12:38 localhost snoopy[5893]: [uid:0 sid:2957 tty: cwd:/usr/local/lib
filename:/usr/bin/more]: more
# /etc/rc.d/named status
Cannot 'status' named. Set named_enable to YES in /etc/rc.conf or use
'onestatus' instead of 'status'.
# tail /var/log/auth.log
...
Jul 26 22:16:40 localhost snoopy[5917]: [uid:0 sid:2957 tty:/dev/pts/2
cwd:/usr/local/lib filename:/bin/ps]: /bin/ps -ww -p 5916 -o jid=
Jul 26 22:16:40 localhost snoopy[5919]: [uid:0 sid:2957 tty:/dev/pts/2
cwd:/usr/local/lib filename:/bin/ps]: /bin/ps -ww -o pid= -o jid= -o command=
-ax
#
jb
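
Added example, not part of the original post: a small parser for the snoopy auth.log records shown above, for reviewing what was logged per uid, session and tty. The record layout is an assumption inferred from the snoopy 1.8.0 lines in this post; the names RECORD, unwrap and parse are hypothetical.

```python
import re

TS = r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d"
# Layout inferred from the snoopy 1.8.0 lines in this post (an assumption,
# not taken from snoopy's documentation). tty can be empty, as for head -1.
RECORD = re.compile(
    rf"^(?P<ts>{TS}) (?P<host>\S+) snoopy\[(?P<pid>\d+)\]: "
    r"\[uid:(?P<uid>\d+) sid:(?P<sid>\d+) tty:(?P<tty>\S*) "
    r"cwd:(?P<cwd>.*?) filename:(?P<filename>.*?)\]: (?P<cmd>.*)$"
)
STARTS_RECORD = re.compile(rf"^{TS} ")

# Sample copied from the auth.log excerpt above, mail folding included.
SAMPLE = """\
Jul 26 22:12:38 localhost snoopy[5889]: [uid:0 sid:2957 tty: cwd:/usr/local/lib
filename:/usr/bin/head]: head -1
Jul 26 22:12:38 localhost snoopy[5888]: [uid:0 sid:2957 tty:/dev/pts/2
cwd:/usr/local/lib filename:/usr/bin/zcat]: /usr/bin/zcat
/usr/share/man/man8/ldconfig.8.gz
Jul 26 22:16:40 localhost snoopy[5919]: [uid:0 sid:2957 tty:/dev/pts/2
cwd:/usr/local/lib filename:/bin/ps]: /bin/ps -ww -o pid= -o jid= -o command=
-ax
""".splitlines()


def unwrap(lines):
    """Rejoin folded records; a new record starts only at a syslog timestamp."""
    records = []
    for line in lines:
        if STARTS_RECORD.match(line) or not records:
            records.append(line.rstrip())
        else:
            records[-1] += " " + line.strip()
    return records


def parse(lines):
    """Return one dict per snoopy record; non-snoopy lines are skipped."""
    events = []
    for rec in unwrap(lines):
        m = RECORD.match(rec)
        if not m:
            continue
        ev = m.groupdict()
        for key in ("pid", "uid", "sid"):
            ev[key] = int(ev[key])
        ev["tty"] = ev["tty"] or None  # empty tty field -> None
        events.append(ev)
    return events
```

The unwrap step exists only because pasted excerpts like this one are folded by the mail client; on a live auth.log each record is already a single line.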