Focus on Linux
root shell auditing Jul 28 2008 01:34PM Mars Gobetti (erresei6 libero it) (6 replies)
Re: root shell auditing Jul 29 2008 02:11PM Diego Lacerda (diegolacerda gmail com) (1 replies)
Re: root shell auditing Jul 31 2008 09:24AM Hari Sekhon (hpsekhon googlemail com) (2 replies)
Re: root shell auditing Aug 04 2008 01:09PM Marian Rudzynski (mr impaled org) (1 replies)
Re: root shell auditing Aug 04 2008 01:30PM Hari Sekhon (hpsekhon googlemail com) (1 replies)
> Diego Lacerda wrote:
> > Hi, Mars,
> >
> > I think that you could use Linux Process Accounting to audit
> > everything that you need in a shell environment.
> >
> I've tried this; it lacks some detail. If I remember correctly, it doesn't
> log params, as it was designed for process accounting, not security
> auditing, which could mean missing a lot, as sometimes it's the
> parameters that make all the difference between a normal and a dangerous
> action.
>
I'll just play devil's advocate for a moment here, and
suggest that as you log more and more detail you increase the
risk that you'll include sensitive information that shouldn't be
revealed to whoever reviews the security logs. Eventually you've
just replaced the need to trust the admins with the need to
trust the security reviewers.
(I'm not saying you've reached this point yet, just that it's
something to think about each time you up the level of detail.)
> So far for me, snoopy comes closest.
>
> -h
>
> --
> Hari Sekhon
>
--
Phil Turner
Computers have no common sense - _we_users_ need to supply that.