1. ilya-shmel

    Where're audit logs in FreeBSD?

    Hello! I've set up the auditd service in FreeBSD 13.2-RELEASE amd64. In rc.conf: auditd_enable="YES". In /etc/security/audit_control: dir:/var/audit dist:off flags:lo,aa,ad,ap,ex,fa,fm,pc minfree:5 naflags:lo,aa policy:cnt,argv filesz:100M expire-after:10000M...
  2. 2

    Auditd service not getting started

    I am running pfsense, with FreeBSD version 11.2-RELEASE-p6. I am trying to implement some audit activities and I tried starting the auditd service by using the following command: service auditd start But the above is giving the following error: /etc/rc.d/auditd: WARNING: run_rc_command: cannot...
  3. nielsk

    logging what root is doing

    Hi, new audit-requirements came up (yeah EU-GDPR and its requirement for accountability who did when what when dealing with personal data) and now I try to figure out, how I can log what the root-user is doing, especially when an admin is doing sudo su. As I noticed certain commands like "cd"...
  4. amity88

    Solved Auditing: How to log "permission denied" events?

    Hi guys, I'm looking for a way to record events when a user tries to access or execute a command/file that he doesn't have permissions to. So far, it seems like auditd is the way to go but I just can't get the configuration right. I've tried using ex,pc and na classes but...
  5. J

    How to trigger events within jail on file creation

    I'd like to be able to configure the ability to trigger events within a jail when files are created in specific directories. While I can use auditd and praudit to capture file creation on the host, as far as I know jailed use of that facility isn't possible, even with providing /dev/auditpipe to...