$Id: accounting,v 1.3 2021/11/23 02:53:38 nanons Exp $

Accounting
==========

Accounting is an OpenBSD subsystem which consists of automatically
logging various information about every process on the system, including
its name, the user who started it, time and duration of execution, CPU
usage, as well as any outstanding errors such as pledge(2) violations.

This data can be viewed with lastcomm(1) or summarized with sa(8).
Accumulated data older than 3 days is automatically deleted by daily(8).

To enable accounting:

	# install -o root -g wheel -m 0644 /dev/null /var/account/acct
	# rcctl enable accounting
	# accton /var/account/acct

Daily reports
=============

If accounting is enabled, the daily(8) script will send a mail to
root's account when any processes were killed due to pledge(2) or
memory access violations, or had file access prevented by unveil(2).

This is useful for effortlessly monitoring any misbehaving or even
malicious programs.

To receive convenient notifications of when this has happened, see the
comment header in the etc/daily.local file from this repository.
