Session recording

Tom Buskey tom at buskey.name
Mon Mar 31 16:04:27 EDT 2008


On Mon, Mar 31, 2008 at 3:35 PM, Dan Coutu <coutu at snowy-owl.com> wrote:

> Kenny Lussier wrote:
> > This is exactly the case. We have already limited what people can do
> > on these systems using standard permissions, sudo, etc. What we need
> > now is to log everything that is done so that when the systems are
> > audited, we can provide the details of what has been done on the
> > system. It's not about limiting functions, it's about audit and
>

If you just want to log all the commands, maybe just put something like
script in the startup and trust that they don't remove it.  Then
periodically scan the startup and deal with its removal.

Of course, if you have "malicious" users then it's a different problem.
malicious == users you cannot trust to not muck with being logged.


>
> > accountability.
> >
> > Thanks,
> > Kenny
> >
> Sounds to me like you need the kind of security auditing that is found
> in DoD administered machines. Using their enhanced security levels they
> are able to do this kind of auditing. I recall this from my days at
> Digital when we were making DEC OSF/1 able to be C2 level secure and B1
> level secure. Maybe plain Linux isn't the right answer? Just a thought...
>

Auditing is the typical term.  There's a standard way to turn on auditing
for Solaris.

Google for NISPOM Chapter 8, FAISSR for various guides on setting it up on
different OSen.


More information about the gnhlug-discuss mailing list
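
The periodic scan of the startup files suggested in the message above, sketched as an added example that is not part of the original thread. The hook line, the SESSION_RECORDING_HOOK tag and the /var/log/sessions path are assumptions made for illustration; the check distinguishes a hook that was deleted from one that was only commented out.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: each startup file must carry
# one uncommented line that launches script(1), tagged SESSION_RECORDING_HOOK
# (a constructed name).
HOOK_TAG='SESSION_RECORDING_HOOK'

# hook_status FILE -> ok | missing-file | hook-removed | hook-disabled
hook_status() {
    [ -f "$1" ] || { echo missing-file; return 0; }
    # Live hook: tagged line whose first non-blank character is not '#'
    # and which actually invokes script.
    if grep -E "^[[:space:]]*[^#[:space:]].*$HOOK_TAG" "$1" |
        grep -Eq '(^|[[:space:];&|])script([[:space:]]|$)'; then
        echo ok
    elif grep -q "$HOOK_TAG" "$1"; then
        echo hook-disabled      # tag still there, but commented out or gutted
    else
        echo hook-removed
    fi
}

# scan_startup FILE... -> prints "STATUS PATH" per file lacking a live hook;
# returns 0 only if every file is ok, so cron can alert on non-zero.
scan_startup() {
    bad=0
    for f in "$@"; do
        s=$(hook_status "$f")
        if [ "$s" != ok ]; then echo "$s $f"; bad=1; fi
    done
    return "$bad"
}

# demo: build constructed startup files in a temp dir and scan them.
# The log path inside the hook is a hypothetical location.
demo() {
    d=$(mktemp -d) || return 2
    hook='[ -n "$SESSION_RECORDING_HOOK" ] || { export SESSION_RECORDING_HOOK=1; exec script -q -f -a "/var/log/sessions/$USER.$$"; }'
    printf '%s\n' 'umask 022' "$hook"      > "$d/intact"
    printf '%s\n' 'umask 022' "  # $hook"  > "$d/commented"
    printf '%s\n' 'umask 022'              > "$d/stripped"
    (cd "$d" && scan_startup intact commented stripped absent)
    rc=$?
    rm -rf "$d"
    return "$rc"
}

if [ "$#" -gt 0 ]; then scan_startup "$@"; fi
```

Run from cron as root against the real startup files; as the message notes, this only helps when users are trusted not to tamper with the recording itself.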