Re: root shell auditing

---

• From: "Gautam R. Singh" <gautam.singh@xxxxxxxxx>
• Date: Wed, 6 Aug 2008 16:30:20 -0400

---

And there is rootsh as well :)

http://freshmeat.net/projects/rootsh/

g@xxxxx


On Wed, Aug 6, 2008 at 3:17 PM, Christian Lete <clete@xxxxxxxxxxxxxxxx> wrote:

Hi,

Maybe sudosh can suit your needs.

http://sourceforge.net/projects/sudosh/

Cheers,

Christian

-----Mensaje original-----
De: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] En
nombre de Hari Sekhon
Enviado el: Miércoles, 06 de Agosto de 2008 03:16 p.m.
Para: cybergod
CC: p.turner@xxxxxxxxxxxx; focus-linux
Asunto: Re: root shell auditing

cybergod wrote:

You can implement a simple system by using /usr/bin/script utility and
pipe it a fifo on a NFS share for example. You need to establish a
policy of course because there's an easy way to go around it. For more
info and example read "man script".

Hope this helps,

Konstantin Ivanov

Yes I know this one. The problems with all of these little hacks is that
they are easily circumventable.

GrSecurity's Exec logging is something I'm investigating right now...
I've used it's chdir logging on a chrooted server of mine and it's quite
thorough.

-h

--
Hari Sekhon

---

• References:
  • Re: root shell auditing
    • From: Hari Sekhon
  • Re: root shell auditing
    • From: Philip Turner
  • Re: root shell auditing
    • From: Hari Sekhon
  • Re: root shell auditing
    • From: Hari Sekhon
  • RE: root shell auditing
    • From: Christian Lete

• Prev by Date: RE: root shell auditing
• Next by Date: problems cloning a hard drive with dcfldd
• Previous by thread: RE: root shell auditing
• Next by thread: problems cloning a hard drive with dcfldd
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-linux  > 2008-08