Somewhat OT: Is Full Command Logging Possible?
Damien Fleuriot
ml at my.gd
Wed Dec 5 23:43:19 UTC 2012
On 6 Dec 2012, at 00:19, Tim Daneliuk <tundra at tundraware.com> wrote:
> sudo chown root:wheel my_naughty_script
> sudo chmod 700 my_naughty_script
> sudo ./my_naughty_script
>
> The sudo log will note that I ran the script, but not what it did.
>
>
Wow, way to complicate matters.
sudo csh
> So Gentle Geniuses, is there prior art here that could be applied
> to give me full coverage logging of every action taken by any person or
> thing running with effective or actual root?
>
> P.S. I do not believe
Now would be a good time to start, then.
The only things you need to ensure are:
- auditd cannot be killed off (this is an interesting bit actually; does anyone know how to do that?)
- the audit trail files can only be appended to; man chflags
An alternative would be lshell; however, you'll have to whitelist the commands people can execute.
More information about the freebsd-questions mailing list