Focus on Linux
root shell auditing Jul 28 2008 01:34PM
Mars Gobetti (erresei6 libero it) (6 replies)
Re: root shell auditing Jul 30 2008 04:34PM
JW (jw mailsw com)
RE: root shell auditing Jul 30 2008 11:15AM
THORNTON Simon (Simon THORNTON swift com)
Re: root shell auditing Jul 29 2008 02:11PM
Diego Lacerda (diegolacerda gmail com) (1 replies)
Re: root shell auditing Jul 31 2008 09:24AM
Hari Sekhon (hpsekhon googlemail com) (2 replies)
Re: root shell auditing Aug 04 2008 01:09PM
Marian Rudzynski (mr impaled org) (1 replies)
Re: root shell auditing Aug 04 2008 01:30PM
Hari Sekhon (hpsekhon googlemail com) (1 replies)
Re: root shell auditing Aug 05 2008 05:18PM
Glynn Clements (glynn gclements plus com) (1 replies)
Re: root shell auditing Aug 06 2008 08:10AM
Hari Sekhon (hpsekhon googlemail com)
Re: root shell auditing Aug 04 2008 10:46AM
Philip Turner (p turner newman ac uk) (1 replies)
Re: root shell auditing Aug 05 2008 02:01PM
Hari Sekhon (hpsekhon googlemail com)
Re: root shell auditing Jul 29 2008 10:01AM
TJ Easter (tjeaster gmail com) (2 replies)
Re: root shell auditing Jul 31 2008 08:54AM
Hari Sekhon (hpsekhon googlemail com)
RE: root shell auditing Jul 30 2008 07:28AM
Dan Hanman (dan hanman regencyitc co uk)
Re: root shell auditing Jul 29 2008 09:07AM
Huzeyfe ONAL(Gmail) (huzeyfe onal gmail com)
Hi,

you can use auditd (http://linux.die.net/man/8/auditd) for Linux systems.

Huzeyfe ONAL
huzeyfe (at) lifeoverip (dot) net [email concealed]
http://www.lifeoverip.net

Ag guvenligi listesine uye oldunuz mu?
http://netsec.lifeoverip.net
---

On Mon, Jul 28, 2008 at 4:34 PM, Mars Gobetti <erresei6 (at) libero (dot) it [email concealed]> wrote:
>
> In an effort to comply with iso 27001, Webtrust and other security certifications I need to audit root shell usage on many linux servers: every bash command entered in the shell ,with timestamps, and possibly logging to a remote server.
> Which is the best (enterprise class) way to do that?
>
> Currently in our environment administrators get root shell access using sudo -i. Do I need to change this?
> I've seen around sudosh (wich do the job locally), then Enterprise Audit Shell, but it seems to me this projects are not active any more.
> Will Free IPA be an answer?
>
> Thank you,
>
> Mars Gobetti
>

[ reply ]
Re: root shell auditing Jul 29 2008 09:07AM
Tim Brown (tmb 65535 com)


 

Privacy Statement
Copyright 2010, SecurityFocus