Somewhat OT: Is Full Command Logging Possible?
Tim Daneliuk
tundra at tundraware.com
Fri Dec 7 13:55:13 UTC 2012
On 12/07/2012 03:23 AM, Fleuriot Damien wrote:
> - audit trails cannot be tampered (chflags sappend)
Another way to achieve this is to send the logging output
to a another log collection machine or appliance (think
"Arcsite") to which even the root users under consideration
do not have access. That is, implement a separation of powers
scheme where no one organization has complete control of
the entire monitoring workflow.
--
----------------------------------------------------------------------------
Tim Daneliuk tundra at tundraware.com
PGP Key: http://www.tundraware.com/PGP/
More information about the freebsd-questions
mailing list