Guys,
Sudo 1.8.3 supports I/O logging. It records everything that the user did while
using sudo.
You can then replay the command session. Really cool feature!
Regards,
Jackson
Date: Tue, 22 Nov 2011 07:50:04 +0200
From: Matt Erasmus <[email protected]>
Subject: Re: [Pauldotcom] A logging root shell
To: PaulDotCom Security Weekly Mailing List
<[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset=iso-8859-1
Howdy
On 21 Nov 2011, at 6:03 PM, Nils wrote:
> I?m looking into solutions to comply with PCI DSS requirement 10.2.2:
> (Logging: All actions taken by any individual with root or administrative
> privileges) especially on Linux systems.
> Therefore I?ve checked for ways to provide a shell which is logging all
> actions taken.
> I stumbled upon stuff like:
> mkfifo myfifo; logger -f myfifo & script -f myfifo
> rootsh
> sudoshell (ss)
>
> What are your experiences in this realm?
> Best solution would be something done with on-board means or a provided
> package of the Linux distribution, in this case Debian.
I've had great success with this..
http://www.adeptus-mechanicus.com/codex/histsys/histsys.html
It's not a clean system, but it'll do what you need.
./matt
email: [email protected]
blog: http://www.zonbi.org
twitter: @0xznb
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
