Re: root shell auditing


you can use auditd ( for Linux systems.

Huzeyfe ONAL

Ag guvenligi listesine uye oldunuz mu?

On Mon, Jul 28, 2008 at 4:34 PM, Mars Gobetti <erresei6@xxxxxxxxx> wrote:

In an effort to comply with iso 27001, Webtrust and other security certifications I need to audit root shell usage on many linux servers: every bash command entered in the shell ,with timestamps, and possibly logging to a remote server.
Which is the best (enterprise class) way to do that?

Currently in our environment administrators get root shell access using sudo -i. Do I need to change this?
I've seen around sudosh (wich do the job locally), then Enterprise Audit Shell, but it seems to me this projects are not active any more.
Will Free IPA be an answer?

Thank you,

Mars Gobetti