Somewhat OT: Is Full Command Logging Possible?

Tim Daneliuk tundra at tundraware.com
Thu Dec 6 19:18:32 UTC 2012


On 12/06/2012 12:55 PM, n j wrote:
> On Thu, Dec 6, 2012 at 12:47 AM, Tim Daneliuk <tundra at tundraware.com> wrote:
>> ...
>> Well ... does auditd provide a record of every command issued within a
>> script?
>> I was under the impression (and I may well be wrong) that it noted only
>> the name of the script being executed.
>
> Even if you configured auditd to record every command issued within a
> script, you'd still have a problem if a malicious user put the same
> commands inside a binary.
>
> As some people already pointed out, there is practically no way to
> control users once you give them root privileges.

I understand this.  Even the organization in question understands
this.  They are not trying to *prevent* any kind of access.  All
they're trying to do is *log* it.  Why?  To meet some obscure
compliance requirement they have to adhere to in order to
remain in business.

<rant>
I know all of this is silly but that's our future when you
let Our Fine Government regulate pretty much anything.
</rant>


>
> The only thing that would really solve your problem is probably
> something like http://www.balabit.com/network-security/scb/features
> (no personal experience with it, but seems it does what you need).
>


-- 
-----------------------------------------------------------------------
Tim Daneliuk

