On 12/06/2012 12:55 PM, n j wrote:
> On Thu, Dec 6, 2012 at 12:47 AM, Tim Daneliuk <tun...@tundraware.com> wrote:
> ...
>> Well ... does auditd provide a record of every command issued within a
>> script?
>> I was under the impression (and I may well be wrong) that it noted only
>> the name of the script being executed.
>
> Even if you configured auditd to record every command issued within a
> script, you'd still have a problem if a malicious user put the same
> commands inside a binary.
> As some people already pointed out, there is practically no way to
> control users once you give them root privileges.

I understand this. Even the organization in question understands
this. They are not trying to *prevent* any kind of access. All
they're trying to do is *log* it. Why? To meet some obscure
compliance requirement they have to adhere to in order to
remain in business.

<rant>
I know all of this is silly but that's our future when you
let Our Fine Government regulate pretty much anything.
</rant>

> The only thing that would really solve your problem is probably
> something like http://www.balabit.com/network-security/scb/features
> (no personal experience with it, but seems it does what you need).

--
-----------------------------------------------------------------------
Tim Daneliuk