From 466b0f1fa3624986b8b8a11e70cca1ace8ffb12c Mon Sep 17 00:00:00 2001 From: Fukang Chen Date: Mon, 16 Sep 2019 01:55:47 +0000 Subject: [PATCH] Update the Process Accounting section. PR: 202203 Reviewed by: ian Submitted by: ian Differential Revision: https://reviews.freebsd.org/D20878 --- .../books/handbook/security/chapter.xml | 21 +++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/en_US.ISO8859-1/books/handbook/security/chapter.xml b/en_US.ISO8859-1/books/handbook/security/chapter.xml index 91258075fc..73fe443c13 100644 --- a/en_US.ISO8859-1/books/handbook/security/chapter.xml +++ b/en_US.ISO8859-1/books/handbook/security/chapter.xml @@ -3567,10 +3567,23 @@ UWWemqWuz3lAZuORQ9KX Before using process accounting, it must be enabled using the following commands: - &prompt.root; touch /var/account/acct -&prompt.root; chmod 600 /var/account/acct -&prompt.root; accton /var/account/acct -&prompt.root; sysrc accounting_enable=yes + &prompt.root; sysrc accounting_enable=yes +&prompt.root; service accounting start + + The accounting information is stored in files located in + /var/account, which is automatically created, + if necessary, the first time the accounting service starts. + These files contain sensitive information, including all the + commands issued by all users. Write access to the files is + limited to root, + and read access is limited to root and members of the + wheel group. + To also prevent members of wheel from reading the files, + change the mode of the /var/account + directory to allow access only by root. Once enabled, accounting will begin to track information such as CPU statistics and executed