RE: root shell auditing
Aug 06 2008 07:17PM
Christian Lete (clete shellcode com ar) (2 replies)
Hi,
Maybe sudosh can suit your needs.
http://sourceforge.net/projects/sudosh/
Cheers,
Christian
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
behalf of Hari Sekhon
Sent: Wednesday, 06 August 2008 03:16 p.m.
To: cybergod
CC: p.turner (at) newman.ac (dot) uk [email concealed]; focus-linux
Subject: Re: root shell auditing
cybergod wrote:
> You can implement a simple system by using the /usr/bin/script utility and
> pipe it to a fifo on an NFS share for example. You need to establish a
> policy of course because there's an easy way to go around it. For more
> info and example read "man script".
>
> Hope this helps,
>
> Konstantin Ivanov
Yes, I know this one. The problem with all of these little hacks is that
they are easily circumventable.
GrSecurity's Exec logging is something I'm investigating right now...
I've used its chdir logging on a chrooted server of mine and it's quite
thorough.
-h
--
Hari Sekhon