Re: root shell auditing



Diego Lacerda wrote:
> Hi, Mars,
>
> I think that you could use Linux Process Accounting to audit
> everything that you need in a shell environment.
I've tried this; it lacks some detail. If I remember correctly, it doesn't log params, as it was designed for process accounting, not security auditing, which could mean missing a lot, as sometimes it's the parameters that make all the difference between a normal and a dangerous action.

So far for me, snoopy comes closest.

-h

--
Hari Sekhon
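
An added example, not part of the original post: a parser for the kernel's version 3 process accounting record (`struct acct_v3` in `<linux/acct.h>`), showing that the record keeps only the command name and has no field for arguments. The two sample records are constructed, little-endian byte order is assumed, and `make_record` is a hypothetical helper used only to build them.

```python
import struct

# struct acct_v3 from <linux/acct.h>: 64 bytes per record.
# Assumption: little-endian host (the file is written in native byte order).
ACCT_V3 = struct.Struct("<BBHIIIIIIf8H16s")
FIELDS = ("flag", "version", "tty", "exitcode", "uid", "gid",
          "pid", "ppid", "btime", "etime")


def parse_acct_v3(blob):
    """Decode back-to-back acct_v3 records into a list of dicts."""
    records = []
    for off in range(0, len(blob) - ACCT_V3.size + 1, ACCT_V3.size):
        values = ACCT_V3.unpack_from(blob, off)
        rec = dict(zip(FIELDS, values[:10]))
        if rec["version"] != 3:
            raise ValueError("not an acct_v3 record at offset %d" % off)
        # values[10:18] are the comp_t counters (CPU time, memory, I/O, faults).
        # ac_comm is the last field: a NUL-padded 16-byte command name.
        rec["comm"] = values[18].split(b"\0", 1)[0].decode("ascii", "replace")
        records.append(rec)
    return records


def make_record(uid, pid, ppid, argv):
    """Hypothetical helper: build the record an exec of argv would leave."""
    # Only the basename of argv[0] has anywhere to go; argv[1:] is dropped.
    comm = argv[0].rsplit("/", 1)[-1].encode()[:15]
    return ACCT_V3.pack(0, 3, 0, 0, uid, 0, pid, ppid,
                        1200000000, 1.0, *([0] * 8), comm)


# Constructed sample: two root invocations that differ only in parameters.
SAMPLE = (make_record(0, 4101, 4000, ["/bin/rm", "/tmp/scratch.txt"]) +
          make_record(0, 4102, 4000, ["/bin/rm", "-rf", "/srv/data"]))

if __name__ == "__main__":
    for rec in parse_acct_v3(SAMPLE):
        print(rec["uid"], rec["pid"], rec["ppid"], rec["comm"])
```

Both records decode to the command name `rm` under uid 0, so the two invocations cannot be told apart from the accounting file alone.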