Determine which user started tcp connection
Terje Elde
terje at elde.net
Sun Nov 29 20:03:11 UTC 2015
> On 29 Nov 2015, at 16:15, Artem Kuchin <artem at artem.ru> wrote:
>
> I have a jail with shared hosting. Many sites are hosted. Each on its own user.
> I want to monitor their external connections. I allow external connections but want to
> see what's going on.
> IPFW allowes easily to see all outgoing connection setups from jail, but i cannot
> see which user started it.
> I googled and i see that requests to add UID to IPFW log were first in 2008 but
> i still do not see it in the version 10.
>
> So, is there a way to log UID and connection params (dst ip and port) ?
pflog can give you that.
It can give you pid as well, and combined with audit-logging, that could give you the program that’s causing it, not just the user.
Terje
More information about the freebsd-questions
mailing list