Since around Bash 4.1, you can log all commands directly to syslog. This includes all UID 0 as well as normal users. You'll simply need to rebuild bash with syslog support. I know under Gentoo, you can use the "USE=bashlogger" then "emerge bash". Then, just forward your syslogs to a remote server for archive.

On Nov 21, 2011, at 6:32 PM, Owen Connolly wrote:

Hi Nils,

Quest support and maintain sudo and in their commercial version have the ability to log the key strokes of anyone using privileged commands through sudo. It also has a centralized policy manager. Alternatively, you could look at cyber-ark or Quest TPAM to do session management and recording.

Cheers,
Ojc

~~~~~~~~~~~~~~~~~~~~~~~~
Owen Connolly
Ph: +353 86 3807884
http://www.vacta.co.uk
~~~~~~~~~~~~~~~~~~~~~~~~

On 21 Nov 2011, at 16:03, "Nils" <[email protected]> wrote:

Hi guys,
I'm looking into solutions to comply with PCI DSS requirement 10.2.2: (Logging: All actions taken by any individual with root or administrative privileges) especially on Linux systems.
I've checked for ways to provide a shell which is logging all actions taken.
I stumbled upon stuff like:
mkfifo myfifo; logger -f myfifo & script -f myfifo
rootsh
sudoshell (ss)
What are your experiences in this realm?
Best solution would be something done with on-board means or a provided package of the Linux distribution, in this case Debian.
Thanks!
Nils
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Champ Clark III
(office) 904.253.7856
(mobile) 850.443.2440
(SOC) 800.538.9357 ext 101