[clug] bash history > syslog working :)

Daniel Pittman daniel at rimspace.net
Tue Aug 5 23:47:09 GMT 2008


steve jenkin <sjenkin at canb.auug.org.au> writes:
> Daniel Pittman wrote on 5/8/08 10:27 AM:
>
>> "Ron Trujillo" <ron.trujillo at critrade.com> writes:
>
>> Yes: is it your intention that this information is captured for
>> security, auditing or some other purpose where it actually /matters/
>> that the user can prevent it being logged?
>> 
>> If that is the case then you need to think again: this is absolutely not
>> suitable.  (For example, the user could remove the settings from bash,
>> which would have the same effect without changing shells.)
>> 
>> If you /really/ need to see each command run consider using some sort of
>> appropriate tool.  Otherwise, simply accept that many commands will
>> never be visible to your remote logging.
>
> What will absolutely work is a modified terminal server...
> Everything in & out can be captured & timestamped, checksummed and
> securely logged off-net.

[...]

> Members of this list include some very astute security mavens.
> They will shoot me down if I'm wrong.

I don't think you are wrong, but I strongly suspect the OP can get as
much mileage out of an LSM doing the logging from the kernel as
investing in this sort of infrastructure, at vastly lower cost.

Regards,
        Daniel

