Stephen Gran on 1 Sep 2007 23:42:05 -0000

On Sat, Sep 01, 2007 at 06:24:55PM -0400, Mag Gam said:
> Management want to see who does or tries to do anything malicious.
> They want to see users' shell activity.

Given that management rarely know what they want or how they want to implement it, perhaps you want to think outside the task they've given you?

Maybe the simplest would be to implement selinux, and restrict what users can actually do? selinux can be configured to log attempts to do restricted things.

Maybe you just want to use acct to give management a warm fuzzy feeling that you know all the commands users have run, even though it isn't useful as a prevention measure?

The entire idea of logging sessions sounds like a way to point fingers after the fact, rather than a real security measure or even a deterrent. Given the many ways that there are for a determined person to try and bypass the usual naive methods of capturing user activity, it does at least occur to me that the only reliable way to do this is at a lower level than the shell, and you'll want to look into kernel level auditing (or better, prevention).

Good luck,
--
 --------------------------------------------------------------------------
|  Stephen Gran                  | Bathquake, n.: The violent quake that   |
|  steve@lobefin.net             | rattles the entire house when the water |
|  http://www.lobefin.net/~steve | faucet is turned on to a certain point. |
|                                | -- Rich Hall, "Sniglets"                |
 --------------------------------------------------------------------------

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug