Re: root shell auditing
- From: Marian Rudzynski <mr@xxxxxxxxxxx>
- Date: Mon, 04 Aug 2008 15:09:29 +0200
Hari Sekhon wrote:
Diego Lacerda wrote:
The Kernel accounting/audit might actually be the only real thing here though.
Hi, Mars,
I've tried this, it lacks some detail; if I remember correctly, it doesn't log params, as it was designed for process accounting, not security auditing, which could mean missing a lot, as sometimes it's the parameters that make all the difference between a normal and a dangerous action.
I think that you could use Linux Process Accounting to audit
everything that you need in a shell environment.
So far for me, snoopy comes closest.
-h
I'm currently in need of a thorough accounting/auditing setup myself and I haven't managed to find anything that does the job as needed (e.g. secure).
Snoopy hasn't been maintained for a long time and segfaults on x86_64; "linuxbsm" (an attempt to create a Linux Basic Security Module) hasn't been maintained since 2001 either, and bash patches just won't suffice.
So if anyone knows of any other reasonably secure and practicable way to do these things, recommend it. My guess is kernel accounting/audit is the way to go, however.