On Thu, Dec 6, 2012 at 12:47 AM, Tim Daneliuk <tun...@tundraware.com> wrote: > ... > Well ... does auditd provide a record of every command issued within a > script? > I was under the impression (and I may well be wrong) that it noted only > the name of the script being executed.
Even if you configured auditd to record every command issued within a script, you'd still have a problem if a malicious user put the same commands inside a binary. As some people already pointed out, there is practically no way to control users once you give them root privileges. The only thing that would really solve your problem is probably something like http://www.balabit.com/network-security/scb/features (no personal experience with it, but seems it does what you need). -- Nino _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
