[Pauldotcom] A logging root shell
Owen Connolly
ojconnolly at gmail.com
Mon Nov 21 23:32:55 UTC 2011
Hi Nils,
Quest support and maintain sudo and in their commercial version have the ability to log the key strokes of anyone using privileged commands through sudo. It also has a centralized policy manager.
Alternatively, you could look at cyber-ark or Quest TPAM to do session management and recording.
Cheers,
Ojc
~~~~~~~~~~~~~~~~~~~~~~~~
Owen Connolly
Ph: +353 86 3807884
http://www.vacta.co.uk
~~~~~~~~~~~~~~~~~~~~~~~~
On 21 Nov 2011, at 16:03, "Nils" <nils at hemmann.de> wrote:
> Hi guys,
> I´m looking into solutions to comply with PCI DSS requirement 10.2.2: (Logging: All actions taken by any individual with root or administrative privileges) especially on Linux systems.
> Therefore I´ve checked for ways to provide a shell which is logging all actions taken.
> I stumbled upon stuff like:
> mkfifo myfifo; logger -f myfifo & script -f myfifo
> rootsh
> sudoshell (ss)
>
> What are your experiences in this realm?
> Best solution would be something done with on-board means or a provided package of the Linux distribution, in this case Debian.
>
>
> Thanks!
> Nils
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
More information about the Pauldotcom
mailing list