Re: root shell auditing
- From: "Philip Turner" <p.turner@xxxxxxxxxxxx>
- Date: Mon, 04 Aug 2008 10:46:18 +0000
On 31 Jul 2008 at 10:24, Hari Sekhon wrote:

> Diego Lacerda wrote:
>> Hi, Mars,
>> I think that you could use Linux Process Accounting to audit
>> everything that you need in a shell environment.
>
> I've tried this, it lacks some detail if I remember correctly it doesn't
> log params as it was designed for process accounting, not security
> auditing, which could mean missing a lot as sometimes it's the
> parameters that make all the difference between a normal and a dangerous
> action.

I'll just play devil's advocate for a moment here, and
suggest that as you log more and more detail you increase the
risk that you'll include sensitive information that shouldn't be
revealed to whoever reviews the security logs. Eventually you've
just replaced the need to trust the admins with the need to
trust the security reviewers.
(I'm not saying you've reached this point yet, just that it's
something to think about each time you up the level of detail.)

> So far for me, snoopy comes closest.
>
> -h
>
> --
> Hari Sekhon

--
Phil Turner
Computers have no common sense - _we_users_ need to supply that.
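
The point in the thread about process accounting not recording parameters can be seen in the record format itself. The following is an added example, not part of the original message: it decodes Linux `acct_v3` records (layout from `linux/acct.h`, assumed little-endian) and shows that two root commands with very different arguments leave identical audit evidence. `make_record` is a hypothetical helper that builds constructed sample records; no real accounting file is read.

```python
import struct

# struct acct_v3 from linux/acct.h: 64 bytes, little-endian assumed (x86).
ACCT_V3 = struct.Struct("<BBHIIIIIIf8H16s")
FIELDS = ("flag", "version", "tty", "exitcode", "uid", "gid", "pid", "ppid",
          "btime", "etime", "utime", "stime", "mem", "io", "rw",
          "minflt", "majflt", "swaps", "comm")

def parse_acct(buf):
    """Decode every acct_v3 record in buf into a dict."""
    if len(buf) % ACCT_V3.size:
        raise ValueError("truncated accounting data")
    records = []
    for values in ACCT_V3.iter_unpack(buf):
        rec = dict(zip(FIELDS, values))
        if rec["version"] != 3:
            raise ValueError("not an acct_v3 record")
        # ac_comm is a NUL-padded 16-byte command name; there is no argv field.
        rec["comm"] = rec["comm"].split(b"\0", 1)[0].decode("ascii", "replace")
        records.append(rec)
    return records

def make_record(argv, uid, pid):
    """Hypothetical helper: build a constructed record for a command line.
    Simplified: only the basename of argv[0], cut to 15 bytes, is stored."""
    comm = argv[0].rsplit("/", 1)[-1].encode()[:15]
    return ACCT_V3.pack(0, 3, 0, 0, uid, 0, pid, 1, 1217500000, 1.0,
                        0, 0, 0, 0, 0, 0, 0, 0, comm)

# Constructed sample: a routine cleanup and a destructive command, both by root.
SAMPLE = b"".join([
    make_record(["/bin/rm", "/tmp/build.log"], uid=0, pid=4101),
    make_record(["/bin/rm", "-rf", "/var/lib/mysql"], uid=0, pid=4102),
])

def audit_view(rec):
    """What a reviewer can tell about the action: who ran which program."""
    return (rec["uid"], rec["comm"])

if __name__ == "__main__":
    for rec in parse_acct(SAMPLE):
        print(rec["pid"], audit_view(rec))
```

Both records decode to `(0, 'rm')`, so the reviewer cannot distinguish the two actions from accounting data alone.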