Hi Nils, Quest support and maintain sudo and in their commercial version have the ability to log the key strokes of anyone using privileged commands through sudo. It also has a centralized policy manager.
Alternatively, you could look at cyber-ark or Quest TPAM to do session management and recording. Cheers, Ojc ~~~~~~~~~~~~~~~~~~~~~~~~ Owen Connolly Ph: +353 86 3807884 http://www.vacta.co.uk ~~~~~~~~~~~~~~~~~~~~~~~~ On 21 Nov 2011, at 16:03, "Nils" <[email protected]> wrote: > Hi guys, > I´m looking into solutions to comply with PCI DSS requirement 10.2.2: > (Logging: All actions taken by any individual with root or administrative > privileges) especially on Linux systems. > Therefore I´ve checked for ways to provide a shell which is logging all > actions taken. > I stumbled upon stuff like: > mkfifo myfifo; logger -f myfifo & script -f myfifo > rootsh > sudoshell (ss) > > What are your experiences in this realm? > Best solution would be something done with on-board means or a provided > package of the Linux distribution, in this case Debian. > > > Thanks! > Nils > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
