Re: Question on security..

From: Richard Bates <bates_at_telehouse.com>
Date: Wed, 16 Jan 2008 14:00:55 -0500
Ok,
	I setup a test server with
    	FreeBSd 6.2 installed
	Compiled the kernel to include auditd
	SAMBA3, NetAtalk, and SSH enabled

Audit seems to log the ssh connections,
but doesn't log the smb/cifs netatalk connections.
I'd also like to monitor MySQl connections.


Is there a way to do this?
I went through the audit section of the handbook,
but there is nothing specific.

Thanks

On Jan 15, 2008, at 11:18 AM, Robert Watson wrote:

>
> On Tue, 15 Jan 2008, Richard Bates wrote:
>
>> I know login failures are logged in /var/log/auth.log
>>
>> is there a way to log the login of users in this log say something  
>> like
>>
>> Jan 15 10:59:00 MyServer sshd[91869]: User bates authenticated  
>> from 172.18.1.139
>> Jan 15 10:59:00 MyServer sshd[91869]: User bates Disconnected from  
>> 172.18.1.139
>
> The normal system lastlog, accessed via last(1), does this fairly  
> well.  As you notch up the level of logging on sshd, it should also  
> be able to do that. However, I tend to use audit for the above type  
> of functionality, as the results are more parseable using tools  
> like auditreduce.  There's a handbook chapter on how to configure  
> and use audit, should you be looking for something a bit more on  
> that scale of things.
>
> Robert N M Watson
> Computer Laboratory
> University of Cambridge
>
Received on Wed Jan 16 2008 - 18:01:00 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:26 UTC