K.S. Bhaskar on 1 Sep 2007 23:26:06 -0000 |
On 9/1/07, Mag Gam <magawake@gmail.com> wrote: > Management want to see who does or tries to do anything malicious. They want > to see users' shell activity. [KSB] OK, then you are not just trying to keep honest people honest or catch unintentional fat fingering. You are trying to protect against potential compromise of a security model by those who normally have access to the system. This is a harder proposition. You need to create a security model and then implement it. Depending on what users do normally, components in your implementation could include: - Restricted shells (e.g., rbash as the login shell). You could implement keystroke logging with rbash, as discussed earlier in this thread. - Screen - Mandatory access controls (e.,g SELinux, AppArmor) - Chroot jails - Limited functionality virtual machines (boot a vm when a user logs in) And more... Regards -- Bhaskar ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|