Thanks for your valuable feedback!
I got another neat approach off-list which I want to share with you:
[Quote]
The step we use to pass that PCI requirement for linux is to put the
following inside of /etc/profile
PROMPT_COMMAND="${PROMPT_COMMAND:+$PROMPT_COMMAND ; }"'echo $$ $USER "$(history 1)" | logger -p local2.info -t "shell_history"'
logger being the transport to syslog/syslog-ng/rsyslog.
There are some sly tricks to evade it, but this will pass their
requirement. Just make sure the syslogging facility you use is sending
and logging it on a separate machine.
I prefer rsyslog.
[\Quote]
Cheers,
Nils
On 21.11.2011 17:03, Nils wrote:
Hi guys,
I'm looking into solutions to comply with PCI DSS requirement 10.2.2:
(Logging: All actions taken by any individual with root or
administrative privileges) especially on Linux systems.
Therefore I've checked for ways to provide a shell which is logging
all actions taken.
I stumbled upon stuff like:
mkfifo myfifo; logger -f myfifo & script -f myfifo
rootsh
sudoshell (ss)
What are your experiences in this realm?
Best solution would be something done with on-board means or a
provided package of the Linux distribution, in this case Debian.
Thanks!
Nils
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
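
Added example, not part of the original thread: the quoted PROMPT_COMMAND one-liner logs the output of `history 1` at every prompt, so pressing Enter on an empty line logs the previous command again, and each record carries the history number. The sketch below keeps the same logger facility and tag but logs only when the history number changes; the file name, function names and AUDIT_* variables are assumptions made for this example.

```shell
# Added example (hypothetical file: /etc/profile.d/shell-audit.sh).
# Function and variable names are assumptions made for this example.

# Split one line of `history 1` output, e.g. "  42  ls -la", into
# AUDIT_NUM (history number) and AUDIT_CMD (the command text).
audit_parse() {
    _raw=${1#"${1%%[! ]*}"}            # drop leading spaces
    AUDIT_NUM=${_raw%%[!0-9]*}         # leading digits are the history number
    _raw=${_raw#"$AUDIT_NUM"}
    _raw=${_raw#\*}                    # bash marks modified entries with '*'
    AUDIT_CMD=${_raw#"${_raw%%[! ]*}"}
    [ -n "$AUDIT_NUM" ]                # fails when there is no history entry
}

# Build the message "<pid> <user> <command>" in AUDIT_MSG.
# Returns 1 when the history number is unchanged (nothing new to log).
audit_message() {
    audit_parse "$3" || return 1
    [ "$AUDIT_NUM" != "${AUDIT_LAST_NUM:-}" ] || return 1
    AUDIT_LAST_NUM=$AUDIT_NUM
    AUDIT_MSG="$1 $2 $AUDIT_CMD"
}

# Hook run before each prompt; same facility and tag as in the quoted line.
audit_prompt_hook() {
    audit_message "$$" "${USER:-unknown}" "$(history 1)" || return 0
    logger -p local2.info -t shell_history "$AUDIT_MSG"
}

# Only bash has PROMPT_COMMAND; keep whatever was already configured.
if [ -n "${BASH_VERSION:-}" ]; then
    PROMPT_COMMAND="${PROMPT_COMMAND:+$PROMPT_COMMAND ; }audit_prompt_hook"
fi
```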