Source string Read only

(itstool) path: sect1/indexterm
37/370
Context English State
The <literal>Category</literal> refers to the affected part of the system which may be one of <literal>core</literal>, <literal>contrib</literal>, or <literal>ports</literal>. The <literal>core</literal> category means that the vulnerability affects a core component of the FreeBSD operating system. The <literal>contrib</literal> category means that the vulnerability affects software included with FreeBSD, such as <application>BIND</application>. The <literal>ports</literal> category indicates that the vulnerability affects software available through the Ports Collection.
The <literal>Module</literal> field refers to the component location. In this example, the <literal>bind</literal> module is affected; therefore, this vulnerability affects an application installed with the operating system.
The <literal>Announced</literal> field reflects the date the security advisory was published. This means that the security team has verified that the problem exists and that a patch has been committed to the FreeBSD source code repository.
The <literal>Credits</literal> field gives credit to the individual or organization who noticed the vulnerability and reported it.
The <literal>Affects</literal> field explains which releases of FreeBSD are affected by this vulnerability.
The <literal>Corrected</literal> field indicates the date, time, time offset, and releases that were corrected. The section in parentheses shows each branch for which the fix has been merged, and the version number of the corresponding release from that branch. The release identifier itself includes the version number and, if appropriate, the patch level. The patch level is the letter <literal>p</literal> followed by a number, indicating the sequence number of the patch, allowing users to track which patches have already been applied to the system.
The <literal>CVE Name</literal> field lists the advisory number, if one exists, in the public <link xlink:href="http://cve.mitre.org">cve.mitre.org</link> security vulnerabilities database.
The <literal>Background</literal> field provides a description of the affected module.
The <literal>Problem Description</literal> field explains the vulnerability. This can include information about the flawed code and how the utility could be maliciously used.
The <literal>Impact</literal> field describes what type of impact the problem could have on a system.
The <literal>Workaround</literal> field indicates if a workaround is available to system administrators who cannot immediately patch the system .
The <literal>Solution</literal> field provides the instructions for patching the affected system. This is a step by step tested and verified method for getting a system patched and working securely.
The <literal>Correction Details</literal> field displays each affected Subversion branch with the revision number that contains the corrected code.
The <literal>References</literal> field offers sources of additional information regarding the vulnerability.
Process Accounting
<primary>Process Accounting</primary>
Process accounting is a security method in which an administrator may keep track of system resources used and their allocation among users, provide for system monitoring, and minimally track a user's commands.
Process accounting has both positive and negative points. One of the positives is that an intrusion may be narrowed down to the point of entry. A negative is the amount of logs generated by process accounting, and the disk space they may require. This section walks an administrator through the basics of process accounting.
If more fine-grained accounting is needed, refer to <xref linkend="audit"/>.
Enabling and Utilizing Process Accounting
Before using process accounting, it must be enabled using the following commands:
<prompt>#</prompt> <userinput>sysrc accounting_enable=yes</userinput>
<prompt>#</prompt> <userinput>service accounting start</userinput>
The accounting information is stored in files located in <filename>/var/account</filename>, which is automatically created, if necessary, the first time the accounting service starts. These files contain sensitive information, including all the commands issued by all users. Write access to the files is limited to <systemitem class="username">root</systemitem>, and read access is limited to <systemitem class="username">root</systemitem> and members of the <systemitem class="groupname">wheel</systemitem> group. To also prevent members of <systemitem class="groupname">wheel</systemitem> from reading the files, change the mode of the <filename>/var/account</filename> directory to allow access only by <systemitem class="username">root</systemitem>.
Once enabled, accounting will begin to track information such as <acronym>CPU</acronym> statistics and executed commands. All accounting logs are in a non-human readable format which can be viewed using <command>sa</command>. If issued without any options, <command>sa</command> prints information relating to the number of per-user calls, the total elapsed time in minutes, total <acronym>CPU</acronym> and user time in minutes, and the average number of <acronym>I/O</acronym> operations. Refer to <citerefentry><refentrytitle>sa</refentrytitle><manvolnum>8</manvolnum></citerefentry> for the list of available options which control the output.
To display the commands issued by users, use <command>lastcomm</command>. For example, this command prints out all usage of <command>ls</command> by <systemitem class="username">trhodes</systemitem> on the <literal>ttyp1</literal> terminal:
<prompt>#</prompt> <userinput>lastcomm ls trhodes ttyp1</userinput>
Many other useful options exist and are explained in <citerefentry><refentrytitle>lastcomm</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>acct</refentrytitle><manvolnum>5</manvolnum></citerefentry>, and <citerefentry><refentrytitle>sa</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
Resource Limits
<primary>Resource limits</primary>
FreeBSD provides several methods for an administrator to limit the amount of system resources an individual may use. Disk quotas limit the amount of disk space available to users. Quotas are discussed in <xref linkend="quotas"/>.
<primary>quotas</primary>

Loading…

No matching activity found.

Browse all component changes

Things to check

Multiple failing checks

The translations in several languages have failing checks

Reset

Glossary

English English
No related strings found in the glossary.

Source information

Source string comment
(itstool) path: sect1/indexterm
Flags
read-only
Source string location
book.translate.xml:29210
String age
a year ago
Source string age
a year ago
Translation file
books/handbook.pot, string 4705