Re: root shell auditing



Hi,

You can use auditd (http://linux.die.net/man/8/auditd) for Linux systems.


Huzeyfe ONAL
huzeyfe@xxxxxxxxxxxxxx
http://www.lifeoverip.net

Have you subscribed to the network security list?
http://netsec.lifeoverip.net
---


On Mon, Jul 28, 2008 at 4:34 PM, Mars Gobetti <erresei6@xxxxxxxxx> wrote:

In an effort to comply with ISO 27001, Webtrust and other security certifications I need to audit root shell usage on many Linux servers: every bash command entered in the shell, with timestamps, and possibly logging to a remote server.
Which is the best (enterprise class) way to do that?

Currently in our environment administrators get root shell access using sudo -i. Do I need to change this?
I've seen around sudosh (which does the job locally), then Enterprise Audit Shell, but it seems to me these projects are not active any more.
Will Free IPA be an answer?

Thank you,

Mars Gobetti
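
An added example, not part of the original thread: a small Python parser that turns auditd SYSCALL/EXECVE record pairs into a timestamped list of commands run as root, attributed by auid (the login UID, which stays the same after sudo -i). It assumes an execve audit rule like the one in the comment; the key name "rootcmd" and the log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Assumed audit rule (the key name "rootcmd" is a placeholder for this example):
#   -a always,exit -F arch=b64 -S execve -F euid=0 -F auid>=1000 -F auid!=4294967295 -k rootcmd
# Constructed sample records in audit.log format; not taken from a real host.
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1217255652.101:812): arch=c000003e syscall=59 success=yes exit=0 ppid=4100 pid=4188 auid=1001 uid=0 euid=0 tty=pts1 comm="cat" exe="/bin/cat" key="rootcmd"
type=EXECVE msg=audit(1217255652.101:812): argc=2 a0="cat" a1="/etc/shadow"
type=SYSCALL msg=audit(1217255660.440:813): arch=c000003e syscall=59 success=yes exit=0 ppid=4100 pid=4190 auid=1001 uid=0 euid=0 tty=pts1 comm="touch" exe="/bin/touch" key="rootcmd"
type=EXECVE msg=audit(1217255660.440:813): argc=2 a0="touch" a1=2F746D702F6120622E747874
'''

HEADER = re.compile(r'^type=(\w+) msg=audit\((\d+)\.\d+:(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_arg(value):
    """auditd quotes plain arguments and hex-encodes ones with spaces or specials."""
    if value.startswith('"'):
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value

def root_commands(log_text, key="rootcmd"):
    """Return [(UTC timestamp, auid, argv)] for root execve events tagged with key."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if m:
            rtype, secs, serial, body = m.groups()
            # Records of one event share the same (timestamp, serial) pair.
            events[(int(secs), int(serial))][rtype] = dict(FIELD.findall(body))
    out = []
    for (secs, _serial), recs in sorted(events.items()):
        sc, ex = recs.get("SYSCALL"), recs.get("EXECVE")
        if not sc or not ex or sc.get("key") != f'"{key}"' or sc.get("euid") != "0":
            continue
        argv = [decode_arg(ex[f"a{i}"]) for i in range(int(ex["argc"])) if f"a{i}" in ex]
        when = datetime.fromtimestamp(secs, tz=timezone.utc).isoformat()
        out.append((when, sc["auid"], argv))
    return out

if __name__ == "__main__":
    for when, auid, argv in root_commands(SAMPLE_LOG):
        print(when, "auid=" + auid, argv)
```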



