Re: root shell auditing
- From: Hari Sekhon <hpsekhon@xxxxxxxxxxxxxx>
- Date: Thu, 31 Jul 2008 10:24:37 +0100
Diego Lacerda wrote:
Hi, Mars,I've tried this, it lacks some detail if I remember correctly it doesn't log params as it was designed for process accounting, not security auditing, which could mean missing a lot as sometimes it's the parameters that make all the difference between a normal and a dangerous action.
I think that you could use Linux Process Accounting to audit
everything that you need in a shell environment.
So far for me, snoopy comes closest.