[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Need an method of recording command line operations for auditing purposes

http://sourceforge.net/projects/rootsh/

and from a co-worker

http://etbe.coker.com.au/2010/06/11/logging-shell-commands/

has some slick ideas

I've used rootsh before. With additional hardening like the log file area
for rootsh being append only filesystem and the chattr being locked up with
selinux it make a pretty solid logging system

On Wed, Jun 16, 2010 at 10:50 AM, James Taylor <
James.Taylor at eastcobbgroup.com> wrote:

> Is there a good method for auditing command line operations, similar to
> bash_history that is not accessible to the user? bash_hisory is functional,
> but can be edited or deleted by the user.
> Something that is included with a SLES distribution is highly desirable,
> but if there are some good options, one of them may already be there.
> I've had one suggestion for snoopy, but I don't think it's included with
> SLES.
> Thanks,
> -jt
>
>
>
> James Taylor
> The East Cobb Group, Inc.
> 678-697-9420
> james.taylor at eastcobbgroup.com
> http://www.eastcobbgroup.com
>
>
>
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>



-- 
-- 
James P. Kinney III
Actively in pursuit of Life, Liberty and Happiness
Doing pretty well on all 3 pursuits

 Faith is a cop-out. If the only way you can accept an assertion is by
faith, then you are conceding that it can?t be taken on its own merits.
   Dan Barker, "Losing Faith in Faith", 1992
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20100616/4dc0456b/attachment.html