PaulDotCom mailing list archives

Re: Pauldotcom Digest, Vol 38, Issue 12


From: Jackson <jakrainer () yahoo com>
Date: Tue, 22 Nov 2011 04:09:56 -0800 (PST)

Guys,
 
Sudo 1.8.3 supports I/O logging. It records everything that the user did while using sudo.
You can then replay the command session. Really cool feature!
 
Regards,
 
Jackson
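
A sudoers fragment that turns on the I/O logging described in the message above, as an added example that is not part of the original post. The file name `/etc/sudoers.d/iolog` and the user name `alice` are assumptions, and the `sudoreplay` invocations are shown as comments.

```sudoers
# /etc/sudoers.d/iolog   (assumed file name)
# Syntax-check before relying on it:  visudo -cf /etc/sudoers.d/iolog

# Weak setting (sudo's default): only the command line is written to syslog,
# so an interactive "sudo -s" session leaves no record of what was done
# inside the shell.
#Defaults !log_input, !log_output

# Corrected setting: record everything sent to the terminal for every
# command run through sudo, including interactive root shells.
Defaults log_output

# log_input additionally records what the user types, which includes
# passwords entered with echo turned off. Enable it only if that data
# may be stored on this host.
#Defaults log_input

# Where the session recordings are written (this is sudo's default path,
# stated explicitly here). Each session gets its own sequence-numbered ID.
Defaults iolog_dir=/var/log/sudo-io

# Do not record the replay tool's own output, otherwise every review of a
# session would itself be logged as a new session.
Defaults!/usr/bin/sudoreplay !log_output

# Reviewing recordings (run as root):
#   sudoreplay -l user alice     # list recorded sessions for user "alice"
#   sudoreplay <ID>              # replay the session with the ID shown by -l
#
# The recordings are local files that root can modify, so copy them to
# another host if they have to serve as an audit trail.
```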
 
 
 
Date: Tue, 22 Nov 2011 07:50:04 +0200
From: Matt Erasmus <matt.erasmus () gmail com>
Subject: Re: [Pauldotcom] A logging root shell
To: PaulDotCom Security Weekly Mailing List
    <pauldotcom () mail pauldotcom com>
Message-ID: <C08B3D91-B506-481A-9272-2BBD2BB7EF87 () gmail com>
Content-Type: text/plain; charset=iso-8859-1

Howdy

On 21 Nov 2011, at 6:03 PM, Nils wrote:

I'm looking into solutions to comply with PCI DSS requirement 10.2.2: (Logging: All actions taken by any individual with root or administrative privileges) especially on Linux systems.
Therefore I've checked for ways to provide a shell which is logging all actions taken.
I stumbled upon stuff like:
mkfifo myfifo; logger -f myfifo & script -f myfifo
rootsh
sudoshell (ss)

What are your experiences in this realm?
Best solution would be something done with on-board means or a provided package of the Linux distribution, in this case Debian.

I've had great success with this..

http://www.adeptus-mechanicus.com/codex/histsys/histsys.html

It's not a clean system, but it'll do what you need.

./matt
email: matt.erasmus () gmail com
blog: http://www.zonbi.org
twitter: @0xznb