Root access logging
Tom Evans
tevans.uk at googlemail.com
Mon Jul 30 13:44:16 UTC 2007
On Mon, 2007-07-30 at 08:11 -0500, Eric Crist wrote:
> On Jul 30, 2007, at 7:34 AM, Adam J Richardson wrote:
>
> > Tom Evans wrote:
> >> This seems great in principle, but of course, you just gave them a
> >> root shell, and so they can delete their log file easily enough...
> >
> > You could have cron email it to you every 5 minutes. Unlikely he'd
> > check the crontab immediately, unless he was really bent on the
> > system's destruction. Likely you'd have at least some evidence of
> > his behaviour. Of course your email box would fill up quickly.
> >
> > Adam J Richardson
> >
>
> Tom,
>
> If you're really all that worried about this, don't give them root
> access. You could simply sit at the console with them while they
> work. IIRC, they're a contractor, not an employee. Your presence
> during such operations wouldn't be abnormal for a contractor.
>
> HTH
>
> Eric Crist
I'm not at all worried; the OP was. I was merely pointing out that most
auditing solutions have issues that can be worked around by a malicious
user; sometimes you just have to trust someone.