Re: [PLUG] shell script help...
- From: "Mag Gam" <magawake@gmail.com>
- To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
- Subject: Re: [PLUG] shell script help...
- Date: Sat, 1 Sep 2007 19:46:49 -0400
- Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
- Sender: plug-bounces@lists.phillylinux.org
>[KSB] OK, then you are not just trying to keep honest people honest or
>catch unintentional fat fingering. You are trying to protect against
>potential compromise of a security model by those who normally have
>access to the system. This is a harder proposition. You need to
>create a security model and then implement it.
Nice way of putting it....they want to fire the person who does xxx the next time :-(
Simple as that.
Anyone have experience with auditd? Can that handle this type of task?
On 9/1/07, K.S. Bhaskar <bhaskar@bhaskars.com> wrote:
On 9/1/07, Mag Gam <magawake@gmail.com> wrote:
> Management want to see who does or tries to do anything malicious. They want
> to see users' shell activity.
[KSB] OK, then you are not just trying to keep honest people honest or catch unintentional fat fingering. You are trying to protect against potential compromise of a security model by those who normally have access to the system. This is a harder proposition. You need to create a security model and then implement it.
Depending on what users do normally, components in your implementation could include:
- Restricted shells (e.g., rbash as the login shell). You could implement keystroke logging with rbash, as discussed earlier in this thread.
- Screen
- Mandatory access controls (e.g., SELinux, AppArmor)
- Chroot jails
- Limited functionality virtual machines (boot a vm when a user logs in)
And more...
Regards
-- Bhaskar
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug