audit in jail
George Mamalakis
mamalos at eng.auth.gr
Fri Mar 2 17:03:00 UTC 2012
On 03/02/12 18:17, George Mamalakis wrote:
> Ah!
>
> And one more thing with respect to this issue. Since I realized that
> probably I won't be able to run audit within a jail, I tried to
> continue with my work from outside the jail. What I need is to audit
> some system users (like www) inside my jails and do stuff with their
> audit trails. In order to be able to audit www's actions, I downloaded
> setaudit from http://www.freebsd.org/~csjp/setaudit.c which allows
> this functionality. setaudit works fine from outside my jails, but
> when I run it from within a jail, I get the following error again:
>
> [root at in-jail] # setaudit -awww -mfr /bin/ls
> setaudit: setaudit_addr: Function not implemented
>
> Is there, at least, some
> easy/secure/not-whole-system-configuration-changing way to start
> apache from within a jail to be able to audit his actions from outside
> the jail?
>
> Thank you all in advance, once more.
>
OK, found it!
I am running:
[root at out-of-jail] setaudit -awww -m fr,fw,fa,fm,fc,fd,cl jexec 6
/usr/local/bin/sudo -u www /usr/local/sbin/apachectl startssl
from outside the jails and it works like a charm! Nasty, but at least
it's working...
Thank you all anyway!
--
George Mamalakis
IT and Security Officer
Electrical and Computer Engineer (Aristotle Un. of Thessaloniki),
MSc (Imperial College of London)
Department of Electrical and Computer Engineering
Faculty of Engineering
Aristotle University of Thessaloniki
phone number : +30 (2310) 994379
More information about the freebsd-stable
mailing list