RE: root shell auditing



Hi,

Maybe sudosh can suit your needs.

http://sourceforge.net/projects/sudosh/

Cheers,

Christian

-----Mensaje original-----
De: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] En
nombre de Hari Sekhon
Enviado el: Miércoles, 06 de Agosto de 2008 03:16 p.m.
Para: cybergod
CC: p.turner@xxxxxxxxxxxx; focus-linux
Asunto: Re: root shell auditing

cybergod wrote:
You can implement a simple system by using /usr/bin/script utility and
pipe it a fifo on a NFS share for example. You need to establish a
policy of course because there's an easy way to go around it. For more
info and example read "man script".

Hope this helps,

Konstantin Ivanov
Yes I know this one. The problems with all of these little hacks is that
they are easily circumventable.

GrSecurity's Exec logging is something I'm investigating right now...
I've used it's chdir logging on a chrooted server of mine and it's quite
thorough.

-h

--
Hari Sekhon