Re: OpenBSM: does somebody work on it?



On 29 June 2011, at 12:59, Lev Serebryakov wrote:

auditreduce doesn't filter events by date (-b/-a/-d options with any
arguments produce empty output), it doesn't merge files properly and
doesn't pick up files automagically, as Solaris' one does. It doesn't
have -C/-M/-O functionality of Solaris' one, too. So, proper merging
of audit trail files seems to be impossible :(

I could try to fix & extend auditreduce(1), but does somebody but me
need it?

Does somebody use audit on FreeBSD on production systems?

I do, almost (I've not finished my setup, but I'm auditing a production server).
Maybe you'll find this interesting: http://forums.freebsd.org/showthread.php?t=23716#9

patpro
