EXT :Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords

Florian Crouzat gentoo at floriancrouzat.net
Mon Jul 16 08:05:48 UTC 2012


On 13/07/2012 19:09, Boyce, Kevin P (AS) wrote:
> Wouldn't another option be to audit the exec of particular executables you are interested in knowing if someone runs?
> Obviously you won't know what they are typing into text documents and such, but is that really required?  Most places don't allow key loggers at all and it sounds like that's what you've got.

Nope, that's not required; what is required is to log every 
root-privileged action. sudo goes in /var/log/secure, real root shells 
nowhere. The only solution I found was with pam_audit_tty, which has the 
side effect of logging every keystroke, but I'm open to other solutions; 
creating a list of binaries to watch cannot be one.

-- 
Cheers,
Florian Crouzat






More information about the Linux-audit mailing list