Root shell with logging
Joshua M. Miller
joshua at itsecureadmin.com
Thu May 10 13:30:11 UTC 2007
Another option is to use Enterprise Audit Shell -- this application will
allow you to log all activity performed by a user during a root session.
I have successfully implemented this and use sudo to enable root
access, but only via /usr/local/sbin/eash (path to audit shell binary).

The EAS logs to a remote server via an SSL-protected connection and allows
real-time playback of a user's session (during the session) or
after-the-fact playback. There are also reporting features built in.

This product is currently freely available but I did hear a rumor that
it will not be for much longer, so get it while you can. If you mail me
off-list I might be able to provide a 2.0 release version.
Some RPMs are available here:
http://rpmfind.net/linux/rpm2html/search.php?query=eash
Here's an overview by the author on the sudo-announce list:
http://www.gratisoft.us/pipermail/sudo-announce/2006-March/000062.html
Thanks,
--
Joshua M. Miller - RHCE,VCP
mark wrote:
> Krishnaprasad_K at Dell.com wrote:
>> ps ax will show all the processes running in your system. Redirect its
>> output to a file when a user logs in.
>>
>> add this command in /etc/profile script ps ax > /tmp/processes.txt
> <snip>
> Don't think that's quite what he was asking for. ps -fu <username> might
> be closer. However, he said *root* shell with logging, implying not just
> any user. My solution to that would be that the folks he's worrying
> about logging should not log in as root, but rather use sudo, which logs
> every command they issue.
>
> mark
>
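
The setup described in the post records root sessions only if sudo grants root solely through /usr/local/sbin/eash; a root command granted any other way is not recorded by the audit shell. The following Python check is an added example, not part of the original post or of EAS: it scans sudoers text for such grants, and the function name, the simplified parsing rules and the sample entries are assumptions constructed for illustration.

```python
import re

AUDIT_SHELL = "/usr/local/sbin/eash"  # audit shell path given in the post

# Constructed sudoers content for the demonstration (not from the post).
SAMPLE = r"""
Cmnd_Alias AUDITSH = /usr/local/sbin/eash
%admins ALL = (root) AUDITSH
alice   ALL = (root) /usr/local/sbin/eash, /bin/bash
bob     ALL = (ALL) NOPASSWD: ALL
carol   ALL = (backup) /usr/bin/rsync
"""

def unaudited_root_grants(text, audit_shell=AUDIT_SHELL):
    """Return sorted (who, command) pairs that run as root without the audit shell.

    Simplified parser (an assumption of this example): handles comments, line
    continuations, Cmnd_Alias, Runas specs and tags; ignores include
    directives, host restrictions and User/Runas aliases.
    """
    aliases, findings = {}, set()
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("Cmnd_Alias"):
            name, cmds = line[len("Cmnd_Alias"):].split("=", 1)
            aliases[name.strip()] = [c.strip() for c in cmds.split(",")]
        if not line or "=" not in line or re.match(r"(Defaults|\w+_Alias)\b", line):
            continue
        left, right = line.split("=", 1)
        who, runas = left.split()[0], "root"           # sudo runs as root by default
        for item in re.split(r",(?![^(]*\))", right):  # split on commas outside (...)
            m = re.match(r"\s*(?:\(([^)]*)\))?\s*((?:[A-Z_]+:\s*)*)(.*)", item)
            if m.group(1) is not None:
                runas = m.group(1)                     # Runas carries to later items
            targets = {r.strip() for r in runas.split(":")[0].split(",")}
            if not targets & {"root", "ALL"}:
                continue                               # not a root grant
            for cmd in aliases.get(m.group(3).strip(), [m.group(3).strip()]):
                if cmd and not cmd.startswith("!") and cmd.split()[0] != audit_shell:
                    findings.add((who, cmd))
    return sorted(findings)

if __name__ == "__main__":
    for who, cmd in unaudited_root_grants(SAMPLE):
        print(f"{who}: root command outside the audit shell: {cmd}")
```
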