Re: root shell auditing



cybergod wrote:
You can implement a simple system by using /usr/bin/script utility and
pipe it a fifo on a NFS share for example. You need to establish a
policy of course because there's an easy way to go around it. For more
info and example read "man script".

Hope this helps,

Konstantin Ivanov
Yes I know this one. The problems with all of these little hacks is that they are easily circumventable.

GrSecurity's Exec logging is something I'm investigating right now... I've used it's chdir logging on a chrooted server of mine and it's quite thorough.

-h

--
Hari Sekhon