Security - logging of user commands

Peter Boosten peter at boosten.org
Wed Jul 25 12:27:28 UTC 2012


Have you ever considered the audit function of FreeBSD?


Peter Boosten

On 25 jul. 2012, at 13:47, Damien Fleuriot <ml at my.gd> wrote:

> Hello list,
> 
> 
> 
> We're currently working towards the PCI DSS certification (Payment Card
> Industry) for a project at work.
> 
> 
> One of the prerequisites is that all user commands be logged.
> 
> We're currently using a very bad hack that takes the last command from a
> user's history and sends it to a log server.
> 
> This of course is unreliable as a user may entirely disable their
> history, or just use another shell to bypass the csh function or whatever.
> 
> 
> 
> My colleagues installed Snoopy on debian and it seems to work wonders as
> a module which is LD preloaded.
> 
> 
> I notice it also exists on FreeBSD as /usr/ports/security/snoopy.
> 
> 
> However I face several problems with it, mainly it doesn't seem to log
> anything.
> 
> 
> 
> As per the README, I have added "/usr/local/lib/snoopy.so" to
> /etc/ld.so.preload
> 
> I'm not even sure this file is used on BSD?
> 
> As per the man page for ld.so there's no such file:
> http://www.freebsd.org/cgi/man.cgi?query=ld.so
> 
> Neither libmap.conf nor ldconfig(8) seem to be the answer either.
> 
> 
> 
> I've googled for ld.so.conf and found the following 2 posts which seem
> to indicate it isn't used either:
> http://lists.freebsd.org/pipermail/freebsd-hackers/2003-June/001746.html
> http://lists.freebsd.org/pipermail/freebsd-hackers/2003-June/001747.html
> 
> The posts mention -current but date from 2003.
> 
> 
> 
> Lastly, I have also noticed that the port installs /usr/local/bin/detect
> which I executed and would always reply "something's fishy".
> 
> By looking at the (very short) source I noticed the program merely loads
> /lib/libc.so.6, and it wouldn't find it on my system (8.3-STABLE with
> /lib/libc.so.7).
> Adjusting and recompiling lets the program correctly print "secure" but
> it does nothing else.
> 
> I have checked that the output /usr/local/lib/snoopy.so module is linked
> against libc.so.7, and it is.
> 
> 
> 
> Has anyone ever got Snoopy to work on BSD?
> Might I need to install linux emulation ?
> 
> Is there any other port that might do the job and which I could use ?
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions


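The audit(4) framework suggested in the reply, as an added example that is not code from either poster, from Snoopy or from FreeBSD: the kernel writes an execve(2) record for every process start, so the log covers every shell, every statically linked binary (which an LD_PRELOAD hook never sees) and every user, whatever their history settings. The script below parses records in the one-token-per-line text format that praudit(1) prints into one log line per command, flags commands run under another identity (after su(1)) by comparing the audit uid with the effective uid, and checks an audit_control(5) fragment for the `ex` class in `flags` and `argv` in `policy`. The records and the two audit_control fragments are constructed for the example, modelled on the FreeBSD Handbook's execve example, not captured from a real system.

```python
"""FreeBSD audit(4) as a command log: parse praudit(1) text records.

Added example for this thread; not code from the poster, Snoopy or FreeBSD.
The sample records are constructed in praudit's text format (one token per
line, comma separated), modelled on the FreeBSD Handbook's execve example.
"""
import shlex

# Constructed sample of `praudit /var/audit/current` output, three execve records.
# Record 2 was run after su(1): the audit uid (first subject field) still names
# the login user while the effective uid is root.
SAMPLE_PRAUDIT = """\
header,133,10,execve(2),0,Wed Jul 25 12:27:28 2012, + 384 msec
exec arg,finger,doug
path,/usr/bin/finger
attribute,555,root,wheel,90,24918,104944
subject,damien,damien,wheel,damien,wheel,38439,38439,5,10.0.0.2
return,success,0
trailer,133
header,133,10,execve(2),0,Wed Jul 25 12:28:09 2012, + 40 msec
exec arg,cat,/etc/master.passwd
path,/bin/cat
attribute,555,root,wheel,90,24930,104960
subject,damien,root,wheel,root,wheel,38441,38439,5,10.0.0.2
return,success,0
trailer,133
header,133,10,execve(2),0,Wed Jul 25 12:28:30 2012, + 3 msec
exec arg,./static-tool,--dump
path,/home/damien/static-tool
attribute,755,damien,damien,90,24940,104970
subject,damien,damien,wheel,damien,wheel,38442,38439,5,10.0.0.2
return,success,0
trailer,133
"""

# Constructed audit_control(5) fragments. 'lo' alone records logins only and
# 'cnt' without 'argv' drops the command line, so commands go unlogged.
WEAK_AUDIT_CONTROL = "dir:/var/audit\nflags:lo\npolicy:cnt\n"
# Corrected: 'ex' records execve(2) for every user, 'argv' keeps the arguments.
FIXED_AUDIT_CONTROL = "dir:/var/audit\nflags:lo,ex\npolicy:cnt,argv\n"


def parse_praudit(text):
    """Split praudit text into records: dict of token name -> field list.
    A record runs from a 'header' token to its 'trailer'; 'exec arg' and
    'path' may repeat (interpreter plus script), so they are kept as lists."""
    records, cur = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _, rest = line.partition(",")
        fields = rest.split(",")
        if name == "header":
            cur = {"header": fields, "exec arg": [], "path": []}
        elif cur is None:
            continue                      # token outside any record: skip
        elif name == "trailer":
            records.append(cur)
            cur = None
        elif name in ("exec arg", "path"):
            cur[name].append(fields)
        else:
            cur[name] = fields
    return records


def command_events(records):
    """Keep execve(2) records and pull out the fields a command log needs.
    subject token: auid,euid,egid,ruid,rgid,pid,sid,port,address. The audit
    uid is fixed at login and survives su(1), so it names the accountable user."""
    events = []
    for rec in records:
        hdr, subj = rec["header"], rec.get("subject", [])
        if len(hdr) < 5 or hdr[2] != "execve(2)" or len(subj) < 9:
            continue
        events.append({
            "time": hdr[4].strip(),
            "auid": subj[0], "euid": subj[1],
            "pid": int(subj[5]), "sid": int(subj[6]), "host": subj[8],
            "path": rec["path"][0][0] if rec["path"] else "",
            "argv": rec["exec arg"][0] if rec["exec arg"] else [],
            "ok": rec.get("return", [""])[0] == "success",
        })
    return events


def format_event(ev):
    """One syslog-style line per command, attributed to the login user."""
    return (f"{ev['time']} host={ev['host']} auid={ev['auid']} euid={ev['euid']} "
            f"sid={ev['sid']} pid={ev['pid']} path={ev['path']} "
            f"cmd={shlex.join(ev['argv'])} result={'ok' if ev['ok'] else 'failed'}")


def privilege_transitions(events):
    """Commands run under an identity other than the login user (e.g. after su)."""
    return [ev for ev in events if ev["auid"] != ev["euid"]]


def audit_control_gaps(conf_text):
    """List settings in an audit_control(5) fragment that leave commands unlogged.
    Only 'flags' and 'policy' are checked; +/-/^ prefixes on classes are ignored."""
    settings = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(":")
            settings[key.strip()] = value.strip()
    gaps = []
    classes = {c.lstrip("+-^") for c in settings.get("flags", "").split(",") if c}
    if not classes & {"ex", "all"}:
        gaps.append("flags: add the 'ex' class so execve(2) is recorded for every user")
    if "argv" not in settings.get("policy", "").split(","):
        gaps.append("policy: add 'argv' so the command line is recorded, not only the path")
    return gaps


if __name__ == "__main__":
    evs = command_events(parse_praudit(SAMPLE_PRAUDIT))
    for ev in evs:
        print(format_event(ev))
    print("run as another identity:", [e["pid"] for e in privilege_transitions(evs)])
    for gap in audit_control_gaps(WEAK_AUDIT_CONTROL):
        print("audit_control:", gap)
```

On a real host the input would come from `praudit /var/audit/current` (or from a pipe off the audit trail), and the `ex` class can also be switched on per user in audit_user(5) instead of globally in `flags`. The `auid != euid` check is the part that matters for attribution: history-based hacks lose the login user the moment someone runs su, the audit uid does not.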