mod_audit
The mod_audit
module implements audit logging using the
Basic Security Module (BSM) API, originally developed by
Sun. The BSM API is now available on other platforms via the
OpenBSM project. For
more reading on this, see:
The most current version of mod_audit
can be found at:
http://www.castaglia.org/proftpd/
Please contact TJ Saunders <tj at castaglia.org> with any questions, concerns, or suggestions regarding this module.
The AuditEngine
directive toggles the auditing (via BSM) of
FTP sessions via mod_audit
. This directive can thus be used
to disable mod_audit
if necessary.
The AuditEventID
directive configures the ID that the
mod_audit
module should use when recording any application-specific
events in the audit logs. By default, the mod_audit
module
will attempt to use the AUE_ftpd
ID, if available.
The AuditLog
directive is used to specify a log file for
mod_audit
's reporting on a per-server basis. The file
parameter given must be the full path to the file to use for logging.
Note that this path must not be to a world-writable directory and,
unless AllowLogSymlinks
is explicitly set to on
(generally a bad idea), the path must not be a symbolic link.
mod_audit
, go to the third-party module area in
the proftpd source code and unpack the mod_audit
source tarball:
cd proftpd-dir/contrib/ tar zxvf /path/to/mod_audit-version.tar.gzafter unpacking the latest proftpd-1.3.2 source code. For including
mod_audit
as a staticly linked module:
./configure --with-modules=mod_audit ...Alternatively,
mod_audit
can be built as a DSO module:
./configure --enable-dso --with-shared=mod_audit ...Then follow the usual steps:
make make install
Example Configuration
<IfModule mod_audit.c> AuditEngine on AuditLog /etc/proftpd/audit.log </IfModule>