PaulDotCom mailing list archives
Re: Pauldotcom Digest, Vol 38, Issue 12
From: Jackson <jakrainer () yahoo com>
Date: Tue, 22 Nov 2011 04:09:56 -0800 (PST)
Guys,

Sudo 1.8.3 supports I/O logging. It records everything that the user did while using sudo. You can then replay the command session. Really cool feature!

Regards,
Jackson

Date: Tue, 22 Nov 2011 07:50:04 +0200
From: Matt Erasmus <matt.erasmus () gmail com>
Subject: Re: [Pauldotcom] A logging root shell
To: PaulDotCom Security Weekly Mailing List <pauldotcom () mail pauldotcom com>
Message-ID: <C08B3D91-B506-481A-9272-2BBD2BB7EF87 () gmail com>
Content-Type: text/plain; charset=iso-8859-1

Howdy

On 21 Nov 2011, at 6:03 PM, Nils wrote:

> I'm looking into solutions to comply with PCI DSS requirement 10.2.2: (Logging: All actions taken by any individual with root or administrative privileges) especially on Linux systems. Therefore I've checked for ways to provide a shell which is logging all actions taken. I stumbled upon stuff like:
>
>   mkfifo myfifo; logger -f myfifo & script -f myfifo
>   rootsh
>   sudoshell (ss)
>
> What are your experiences in this realm? Best solution would be something done with on-board means or a provided package of the Linux distribution, in this case Debian.

I've had great success with this..
http://www.adeptus-mechanicus.com/codex/histsys/histsys.html
It's not a clean system, but it'll do what you need.

./matt
email: matt.erasmus () gmail com
blog: http://www.zonbi.org
twitter: @0xznb
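An added example, not part of the original messages: sudo's I/O logging is switched on with the `log_input` and `log_output` sudoers flags, and the check below reports whether a sudoers file actually leaves them enabled. The function names and both sample files are constructed for illustration; as a simplification, only unscoped `Defaults` lines are evaluated, and includes and per-command `LOG_INPUT`/`LOG_OUTPUT` tags are not followed.

```shell
#!/bin/sh
# Constructed sample: I/O logging enabled for every sudo session.
sample_enabled() {
cat <<'EOF'
# /etc/sudoers.d/iolog (constructed sample)
Defaults log_input, \
         log_output
Defaults iolog_dir=/var/log/sudo-io
%admin ALL=(ALL) ALL
EOF
}

# Constructed sample: a later Defaults line switches output logging off again.
sample_overridden() {
cat <<'EOF'
Defaults log_input, log_output   # looks compliant
Defaults !log_output
EOF
}

# Read sudoers text on stdin, print "input=on|off output=on|off".
# Simplification (assumption): only unscoped "Defaults" lines are considered,
# and the last setting of each flag wins.
iolog_status() {
    awk '
    { line = buf $0; buf = "" }
    line ~ /\\$/ { sub(/\\$/, "", line); buf = line; next }   # join continuations
    {
        sub(/#.*/, "", line)                                  # drop comments
        if (line !~ /^[ \t]*Defaults[ \t]+/) next             # skip scoped and non-Defaults lines
        sub(/^[ \t]*Defaults[ \t]+/, "", line)
        n = split(line, opt, ",")
        for (i = 1; i <= n; i++) {
            o = opt[i]; gsub(/[ \t]/, "", o)
            if (o == "log_input")   li = 1
            if (o == "!log_input")  li = 0
            if (o == "log_output")  lo = 1
            if (o == "!log_output") lo = 0
        }
    }
    END { printf "input=%s output=%s\n", (li ? "on" : "off"), (lo ? "on" : "off") }
    '
}

echo "enabled:    $(sample_enabled | iolog_status)"
echo "overridden: $(sample_overridden | iolog_status)"
```

Sessions recorded this way are listed with `sudoreplay -l` and replayed by passing the session ID to `sudoreplay`.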