head/en_US.ISO8859-1/books/handbook/security/chapter.xml
Show First 20 Lines • Show All 3,561 Lines • ▼ Show 20 Lines | <xref linkend="audit"/>.</para> | ||||
</note> | </note> | ||||
<sect2> | <sect2> | ||||
<title>Enabling and Utilizing Process Accounting</title> | <title>Enabling and Utilizing Process Accounting</title> | ||||
<para>Before using process accounting, it must be enabled using | <para>Before using process accounting, it must be enabled using | ||||
the following commands:</para> | the following commands:</para> | ||||
<screen>&prompt.root; <userinput>touch /var/account/acct</userinput> | <screen>&prompt.root; <userinput>sysrc accounting_enable=yes</userinput> | ||||
&prompt.root; <userinput>chmod 600 /var/account/acct</userinput> | &prompt.root; <userinput>service accounting start</userinput></screen> | ||||
&prompt.root; <userinput>accton /var/account/acct</userinput> | |||||
&prompt.root; <userinput>sysrc accounting_enable=yes</userinput></screen> | <para>The accounting information is stored in files located in | ||||
<filename>/var/account</filename>, which is automatically created, | |||||
if necessary, the first time the accounting service starts. | |||||
These files contain sensitive information, including all the | |||||
commands issued by all users. Write access to the files is | |||||
limited to <systemitem class="username">root</systemitem>, | |||||
and read access is limited to <systemitem | |||||
class="username">root</systemitem> and members of the | |||||
<systemitem class="groupname">wheel</systemitem> group. | |||||
To also prevent members of <systemitem | |||||
class="groupname">wheel</systemitem> from reading the files, | |||||
change the mode of the <filename>/var/account</filename> | |||||
directory to allow access only by <systemitem | |||||
class="username">root</systemitem>.</para> | |||||
<para>Once enabled, accounting will begin to track information | <para>Once enabled, accounting will begin to track information | ||||
such as <acronym>CPU</acronym> statistics and executed | such as <acronym>CPU</acronym> statistics and executed | ||||
commands. All accounting logs are in a non-human readable | commands. All accounting logs are in a non-human readable | ||||
format which can be viewed using <command>sa</command>. If | format which can be viewed using <command>sa</command>. If | ||||
issued without any options, <command>sa</command> prints | issued without any options, <command>sa</command> prints | ||||
information relating to the number of per-user calls, the | information relating to the number of per-user calls, the | ||||
total elapsed time in minutes, total <acronym>CPU</acronym> | total elapsed time in minutes, total <acronym>CPU</acronym> | ||||
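Review bot: The added paragraph ends by telling the reader to "change the mode of the /var/account directory to allow access only by root" but gives no command or mode, whereas the removed instructions included an explicit chmod 600 on the accounting file. Consider following the paragraph with a short <screen> showing the exact command (for example chmod 700 /var/account, run as root), so the hardening step is as easy to follow as the enable step above it. It would also help to state whether that mode change survives a later "service accounting start", since the same paragraph says the service creates the directory when necessary.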