Re: Auditing / Logging

From: Mike Hoskins (mike_at_adept.org)
Date: 01/13/04

  • Next message: Shawn Jackson: "RE: Securing SSH"
    Date: Tue, 13 Jan 2004 14:33:24 -0800
    To: security-basics@securityfocus.com
    
    

    Don Parker wrote:
    > Well, you raise a valid point as to the commands not being logged.
    > Again I would prefer simplicity, so just install a keylogger.

    if you build a script that runs your "standard test suite" (so the same
    tests or subset of tests is always ran... running ad-hoc commands is
    obviously a bad thing, as overworked staff can forget to run certain
    commands, etc.), it is easy to log both the command and the output (with
    timestamps). i think that is simpler than managing another app, even
    something like a keylogger. it's also easy to do... on any platform.

    ---------------------------------------------------------------------------
    Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
    course! All of our class sizes are guaranteed to be 10 students or less.
    We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
    and many other technical hands on courses.
    Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
    any course!
    ----------------------------------------------------------------------------


  • Next message: Shawn Jackson: "RE: Securing SSH"