Re: Accounting changes
- From: Diomidis Spinellis <dds@xxxxxxx>
- Date: Fri, 20 Apr 2007 09:01:57 +0300
Poul-Henning Kamp wrote:
In message <4627DD51.9020003@xxxxxxx>, Diomidis Spinellis writes:Poul-Henning Kamp wrote:In message <20070419212253.L2913@xxxxxxxxxxxxxxxxx>, Robert Watson writes:Isn't this purpose mostly served by joining the accounting record with wtmp on the ll_line field to obtain the IP address from the ll_host field?
This field is useless, nobody uses hardwired RS-232 terminals__dev_t ac_tty; /* controlling tty */
anymore.
What we should do is add a systemcall or sysctl, so session creators
like getty, sshd and similar can install a session indentifying string
on the session, and then dump that in the accounting.
sshd would log IP+port and possibly also credential used for auth.
The IP number alone is not a "session identifier", you want the ID
of the credential that gave access as well.
Agreed. But, still, the credential identifier should be part of wtmp and not burden every accounting record. There is also the problem of processes running without a controlling terminal, like non-interactive ssh commands, crontab jobs, and so on. Let's try to solve this in a next version of the accounting record, which should be a lot easier to implement, once we get this one right.
_______________________________________________
freebsd-arch@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-arch
To unsubscribe, send any mail to "freebsd-arch-unsubscribe@xxxxxxxxxxx"
- References:
- Re: Accounting changes
- From: Poul-Henning Kamp
- Re: Accounting changes
- Prev by Date: Re: Accounting changes
- Next by Date: md directories in the install
- Previous by thread: Re: Accounting changes
- Next by thread: Re: Accounting changes
- Index(es):
Relevant Pages
|
|
