Skip to content


Loic requested to merge loic/HardenedBSD:HBSD_LOG into hardened/current/master
    HBSD: add HBSD_LOG_SUID_SGID option
    Added HBSD_LOG_SUID_SGID that can be used to audit a strange system behavior.
    The option is not added to replace auditd which is more comprehensive,
    they is intended to provide a simple analysis can be activated simply and quickly at any time.
    The option is disabled by default but they is easily activated via sysctl:
    sysctl kern.features.hbsd_log_suid_sgid=1
    Then you can analyze the logs in this way:
    dmesg | grep SUID
    [123] [HBSD INTERNAL] uid=1001 exec /usr/local/bin/sudo (SUID/SGID)
    Signed-off-by: Loic <>
    Reviewed-by: Shawn Webb <>
Edited by Loic

Merge request reports