ProFTPD module mod_audit



The mod_audit module implements audit logging using the Basic Security Module (BSM) API, originally developed by Sun. The BSM API is now available on other platforms via the OpenBSM project. For more reading on this, see:

The most current version of mod_audit can be found at:

  http://www.castaglia.org/proftpd/

Author

Please contact TJ Saunders <tj at castaglia.org> with any questions, concerns, or suggestions regarding this module.

Directives


AuditEngine

Syntax: AuditEngine on|off
Default: off
Context: "server config", <VirtualHost>, <Global>
Module: mod_audit
Compatibility: 1.3.2rc3 and later

The AuditEngine directive enables or disables mod_audit's auditing (via BSM) of FTP sessions. This directive can thus be used to disable mod_audit if necessary.


AuditEventID

Syntax: AuditEventID id
Default: None
Context: "server config", <VirtualHost>, <Global>
Module: mod_audit
Compatibility: 1.3.2rc3 and later

The AuditEventID directive configures the ID that the mod_audit module should use when recording any application-specific events in the audit logs. By default, the mod_audit module will attempt to use the AUE_ftpd ID, if available.


AuditLog

Syntax: AuditLog file|"none"
Default: None
Context: "server config", <VirtualHost>, <Global>
Module: mod_audit
Compatibility: 1.3.2rc3 and later

The AuditLog directive is used to specify a log file for mod_audit's reporting on a per-server basis. The file parameter given must be the full path to the file to use for logging.

Note that this path must not be in a world-writable directory and, unless AllowLogSymlinks is explicitly set to on (generally a bad idea), the path must not be a symbolic link.


Installation

To install mod_audit, first unpack the latest proftpd-1.3.2 source code, then go to the third-party module area in the proftpd source code and unpack the mod_audit source tarball:
  cd proftpd-dir/contrib/
  tar zxvf /path/to/mod_audit-version.tar.gz
To include mod_audit as a statically linked module:
  ./configure --with-modules=mod_audit ...
Alternatively, mod_audit can be built as a DSO module:
  ./configure --enable-dso --with-shared=mod_audit ...
Then follow the usual steps:
  make
  make install


Usage

Example Configuration

  <IfModule mod_audit.c>
    AuditEngine on
    AuditLog /etc/proftpd/audit.log
  </IfModule>
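
The following shell script is an added example, not part of mod_audit or ProFTPD: it reads the AuditLog directives from a configuration file and checks each path against the conditions documented for AuditLog (full path, not a symbolic link, not in a world-writable directory). The function names and the script name are hypothetical, and AllowLogSymlinks is assumed to be off.

```shell
#!/bin/sh
# Added example (not ProFTPD code): check AuditLog paths against the
# conditions documented for the directive: full path, not a symbolic link,
# and not inside a world-writable directory. AllowLogSymlinks assumed off.

# audit_log_paths CONF: print each AuditLog argument found in CONF.
# Assumes paths without whitespace; the directive name is matched
# case-insensitively (a choice made for this example).
audit_log_paths() {
    awk 'tolower($1) == "auditlog" { gsub(/"/, "", $2); print $2 }' "$1"
}

# check_log_path PATH: return 0 if PATH is acceptable, 1 otherwise.
check_log_path() {
    p=$1
    if [ "$p" = "none" ]; then return 0; fi      # "none" is not a file path
    case $p in
        /*) ;;
        *) echo "$p: not a full path" >&2; return 1 ;;
    esac
    if [ -L "$p" ]; then
        echo "$p: is a symbolic link" >&2; return 1
    fi
    d=$(dirname "$p")
    if [ ! -d "$d" ]; then
        echo "$d: no such directory" >&2; return 1
    fi
    # -H follows a symlinked directory; -prune stops find from descending.
    if [ -n "$(find -H "$d" -prune -perm -0002)" ]; then
        echo "$d: directory is world-writable" >&2; return 1
    fi
    return 0
}

# check_conf CONF: return 0 only if every AuditLog path in CONF passes.
check_conf() {
    rc=0
    for p in $(audit_log_paths "$1"); do
        check_log_path "$p" || rc=1
    done
    return "$rc"
}

# Stand-alone use: sh check_auditlog.sh /path/to/proftpd.conf
if [ "$#" -gt 0 ]; then check_conf "$1"; fi
```

Sticky-bit directories such as /tmp still count as world-writable in this check.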



Author: tjs
Last Updated: 2008/10/06 16:45:16


© Copyright 2008 TJ Saunders
All Rights Reserved