A logging root shell

["Nils" <nils () hemmann de>]

Thanks for your valuable feedback!
I got an other neat approach off-list which I want to share with you:

[Quote]
The step we use to pass that PCI requirement for linux is to put the 
following inside of /etc/profile
PROMPT_COMMAND="${PROMPT_COMMAND:+$PROMPT_COMMAND ; }"'echo $$ $USER 
"$(history 1)" | logger -p local2.info <http://local2.info> -t 
"shell_history"'
logger being the transport to syslog/syslog-ng/rsyslog.
There are some sly tricks to evade it, but this will pass their 
requirement.  Just make sure the syslogging facility you use is sending 
and logging it on a separate machine.
I prefer rsyslog.
[\Quote]

Cheers,
Nils

Am 21.11.2011 17:03, schrieb Nils:
> Hi guys,
> I´m looking into solutions to comply with PCI DSS requirement 10.2.2:  
> (Logging: All actions taken by any individual with root or 
> administrative privileges)  especially on Linux systems.
> Therefore I´ve checked for ways to provide a shell which is logging 
> all actions taken.
> I stumbled upon stuff like:
> mkfifo myfifo; logger -f myfifo & script -f myfifo
> rootsh
> sudoshell (ss)
>
> What are your experiences in this realm?
> Best solution would be something done with on-board means or a 
> provided package of the Linux distribution, in this case Debian.
>
>
> Thanks!
> Nils
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com