mod_audit
The mod_audit module implements audit logging using the
Basic Security Module (BSM) API, originally developed by
Sun.  The BSM API is now available on other platforms via the
OpenBSM project.  For
more reading on this, see:
The most current version of mod_audit can be found at:
http://www.castaglia.org/proftpd/
Please contact TJ Saunders <tj at castaglia.org> with any questions, concerns, or suggestions regarding this module.
The AuditEngine directive toggles the auditing (via BSM) of
FTP sessions via mod_audit.  This directive can thus be used
to disable mod_audit if necessary.
The AuditEventID directive configures the ID that the
mod_audit module should use when recording any application-specific
events in the audit logs.  By default, the mod_audit module
will attempt to use the AUE_ftpd ID, if available.
The AuditLog directive is used to specify a log file for
mod_audit's reporting on a per-server basis.  The file
parameter given must be the full path to the file to use for logging.
Note that this path must not be to a world-writable directory and,
unless AllowLogSymlinks is explicitly set to on
(generally a bad idea), the path must not be a symbolic link.
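A pre-flight check for the two AuditLog path rules above, as an added example (not part of mod_audit or ProFTPD). The function name check_auditlog_path and its return codes are assumptions made for this example; it inspects only the file's immediate parent directory and assumes AllowLogSymlinks is left off.

```shell
#!/bin/sh
# Pre-flight check for an AuditLog path (added example, not ProFTPD code).
# Return codes (chosen for this example, not defined by ProFTPD):
#   0 = path passes both rules
#   1 = path is not absolute, or its parent directory does not exist
#   2 = parent directory is world-writable
#   3 = path is a symbolic link (assumes AllowLogSymlinks is off)

check_auditlog_path() {
  path=$1

  # AuditLog requires the full path to the file.
  case $path in
    /*) ;;
    *) echo "not a full path: $path" >&2; return 1 ;;
  esac

  dir=$(dirname "$path")
  if [ ! -d "$dir" ]; then
    echo "parent directory does not exist: $dir" >&2
    return 1
  fi

  # "$dir/." follows a symlinked directory, so the mode of the real
  # directory is tested. Any "other" write bit fails the check, even
  # when the sticky bit is set (as on /tmp): a conservative choice.
  if [ -n "$(find "$dir/." -prune -perm -0002 -print 2>/dev/null)" ]; then
    echo "world-writable directory: $dir" >&2
    return 2
  fi

  # -L is true for a symbolic link, whether or not its target exists.
  if [ -L "$path" ]; then
    echo "symbolic link: $path" >&2
    return 3
  fi

  return 0
}

# Usage: sh check_auditlog.sh /etc/proftpd/audit.log
if [ "$#" -gt 0 ]; then
  check_auditlog_path "$1"
fi
```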
To install mod_audit, go to the third-party module area in
the proftpd source code and unpack the mod_audit source tarball:
  cd proftpd-dir/contrib/
  tar zxvf /path/to/mod_audit-version.tar.gz
after unpacking the latest proftpd-1.3.2 source code. For including
mod_audit as a statically linked module:
  ./configure --with-modules=mod_audit ...
Alternatively, mod_audit can be built as a DSO module:
  ./configure --enable-dso --with-shared=mod_audit ...
Then follow the usual steps:
  make
  make install
Example Configuration
  <IfModule mod_audit.c>
    AuditEngine on
    AuditLog /etc/proftpd/audit.log
  </IfModule>