Re: root shell auditing
- From: JW <jw@xxxxxxxxxx>
- Date: Wed, 30 Jul 2008 11:34:13 -0500
On Monday 28 July 2008 08:34:12 Mars Gobetti wrote:
> In an effort to comply with ISO 27001, Webtrust and other security
> certifications I need to audit root shell usage on many Linux servers:
> every bash command entered in the shell, with timestamps, and possibly
> logging to a remote server. Which is the best (enterprise class) way to do
> that?
> Currently in our environment administrators get root shell access using
> sudo -i. Do I need to change this? I've seen around sudosh (which does the job
> locally), then Enterprise Audit Shell, but it seems to me these projects are
> not active any more. Will Free IPA be an answer?
Consider trying snoopy, it logs all commands that are executed by all users
and daemons - not just directly in the shell, but if you run a script from
the shell and the script calls other commands - they will all be logged. I
find that it helps with debugging sometimes, too.
A few distros package it.
http://freshmeat.net/projects/snoopy_logger/
It does not log bash internals (for example, "alias" or "source") but it will
log any commands that are run by them.
JW
--
----------------------
System Administrator - Cedar Creek Software
http://www.cedarcreeksoftware.com
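
As an added example (not part of JW's message and not code from the snoopy project): a Python filter that pulls root's commands, with timestamps, out of snoopy-style syslog lines and groups them by session. The sample lines are constructed, and the bracketed field layout (`uid`, `sid`, `tty`, `cwd`, `filename`) is an assumption about snoopy's message format; adjust the regular expression to what your version actually writes.

```python
import re

# Constructed sample syslog lines. The bracketed field layout is an assumption
# about snoopy's message format, not taken from the message above.
SAMPLE_LOG = """\
Jul 30 11:02:14 web01 snoopy[4121]: [uid:0 sid:4100 tty:/dev/pts/0 cwd:/root filename:/bin/sh]: /bin/sh ./rotate.sh
Jul 30 11:02:14 web01 snoopy[4122]: [uid:0 sid:4100 tty:/dev/pts/0 cwd:/root filename:/bin/gzip]: gzip /var/log/app.log
Jul 30 11:02:15 web01 snoopy[4130]: [uid:33 sid:980 tty:(none) cwd:/var/www filename:/usr/bin/php]: php cron.php
Jul 30 11:03:40 web01 sshd[4140]: Accepted publickey for admin from 192.0.2.10 port 50122 ssh2
Jul 30 11:04:02 web01 snoopy[4151]: [uid:0 sid:4100 tty:/dev/pts/0 cwd:/etc filename:/usr/bin/vim]: vim /etc/sudoers
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssnoopy\[(?P<pid>\d+)\]:\s"
    r"\[(?P<fields>[^\]]*)\]:\s(?P<cmd>.*)$"
)

def parse_line(line):
    """Return a dict for a snoopy-style line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"),
           "pid": int(m.group("pid")), "cmd": m.group("cmd")}
    # Fields are space-separated key:value pairs; split on the first colon
    # only, so values such as /dev/pts/0 stay intact.
    for pair in m.group("fields").split():
        key, _, value = pair.partition(":")
        rec[key] = value
    return rec

def root_commands(log_text):
    """All commands executed with uid 0, in log order."""
    records = (parse_line(line) for line in log_text.splitlines())
    return [r for r in records if r and r.get("uid") == "0"]

def by_session(records):
    """Group command lines by session id, so a script started from a root
    shell and the commands it spawned appear together."""
    sessions = {}
    for r in records:
        sessions.setdefault(r["sid"], []).append(r["cmd"])
    return sessions

if __name__ == "__main__":
    for r in root_commands(SAMPLE_LOG):
        print(r["ts"], r["host"], r["tty"], r["cwd"], r["cmd"])
```

Shell builtins such as `alias` or `source` will not appear in this output, for the reason given in the message above: only commands that are actually executed are logged.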