Hi, Mars,

I think that you could use Linux Process Accounting to audit
everything that you need in a shell environment.

Regards,
Diego Lacerda.

On 7/28/08, Mars Gobetti <erresei6 (at) libero (dot) it [email concealed]> wrote:
> In an effort to comply with iso 27001, Webtrust and other security certifications I need to audit root shell usage on many linux servers: every bash command entered in the shell ,with timestamps, and possibly logging to a remote server.
> Which is the best (enterprise class) way to do that?
>
> Currently in our environment administrators get root shell access using sudo -i. Do I need to change this?
> I've seen around sudosh (wich do the job locally), then Enterprise Audit Shell, but it seems to me this projects are not active any more.
> Will Free IPA be an answer?
>
> Thank you,
>
> Mars Gobetti
>
>

--
Diego Evaristo de Lacerda (diegolacerda (at) gmail (dot) com [email concealed])
Analista de Projetos
LPIC Level III & Redhat Certified Engineer & Cisco Certified Network Associates

URL: conectado.motime.com

[ reply ]