author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2023-03-03 16:22:58 +0000 |
---|---|---|
committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2023-03-03 16:22:58 +0000 |
commit | 4f770059a9ed19b306907ba618cdba81953655dd | |
tree | c50215bc573019b35c4d91e7550607825f322838 /etc | |
parent | 73065cb058df33f9aa416d2c1e46f145275127d9 | |
Process accounting and lastcomm(1) can detect execve(2) violations
of pinsyscall(2) policy. Report such findings in daily mail like
other security violations. User has to turn on accounting=YES in
rc.conf.local to utilize this feature.
OK deraadt@
Diffstat (limited to 'etc')
-rw-r--r-- | etc/daily | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/daily b/etc/daily index 96d6ac4cc92..5d052e3239c 100644 --- a/etc/daily +++ b/etc/daily @@ -1,5 +1,5 @@ # -# $OpenBSD: daily,v 1.96 2022/10/19 21:23:31 sthen Exp $ +# $OpenBSD: daily,v 1.97 2023/03/03 16:22:57 bluhm Exp $ # From: @(#)daily 8.2 (Berkeley) 1/25/94 # # For local additions, create the file /etc/daily.local. @@ -74,7 +74,7 @@ if [ -f /var/account/acct ]; then mv -f /var/account/acct.0 /var/account/acct.1 cp -f /var/account/acct /var/account/acct.0 sa -sq - lastcomm -f /var/account/acct.0 | grep -e ' -[A-Z]*[MPTU]' + lastcomm -f /var/account/acct.0 | grep -e ' -[A-Z]*[EMPTU]' fi # If ROOTBACKUP is set to 1 in the environment, and |
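Review bot: In the second hunk (etc/daily, around line 77), the grep pattern ' -[A-Z]*[EMPTU]' gains E, but nothing in the visible lines says what any of the flag letters mean, so a reader of the script or of the daily mail cannot tell that E marks the execve(2) pinsyscall(2) violation named in the commit message. Consider a short comment above the lastcomm line that lists each letter being matched and its meaning. Note also that the pattern is anchored only by a leading space and dash, so it matches any field of a lastcomm line that starts with '-' followed by uppercase letters, not only the flags column; adding E widens that match slightly, and a column-aware filter would be more robust if false positives show up in the mail.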