Somewhat OT: Is Full Command Logging Possible?
n j
nino80 at gmail.com
Thu Dec 6 18:56:19 UTC 2012
On Thu, Dec 6, 2012 at 12:47 AM, Tim Daneliuk <tundra at tundraware.com> wrote:
> ...
> Well ... does auditd provide a record of every command issued within a
> script?
> I was under the impression (and I may well be wrong) that it noted only
> the name of the script being executed.
Even if you configured auditd to record every command issued within a
script, you'd still have a problem if a malicious user put the same
commands inside a binary.
As some people already pointed out, there is practically no way to
control users once you give them root privileges.
The only thing that would really solve your problem is probably
something like http://www.balabit.com/network-security/scb/features
(no personal experience with it, but seems it does what you need).
--
Nino
More information about the freebsd-questions
mailing list