Date:      Thu, 6 Dec 2012 19:55:58 +0100
From:      n j <nino80@gmail.com>
To:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: Somewhat OT: Is Full Command Logging Possible?
Message-ID:  <CALf6cgb0%2BGXrtTymOPOmjV_C2sk7EaGK=qJOF2z4mB3pQkzV_g@mail.gmail.com>
In-Reply-To: <50BFDCFD.4010108@tundraware.com>
References:  <50BFD674.8000305@tundraware.com> <8BFA2629-45CA-491B-9BA8-E8AC78A4D66E@my.gd> <50BFDCFD.4010108@tundraware.com>

On Thu, Dec 6, 2012 at 12:47 AM, Tim Daneliuk <tundra@tundraware.com> wrote:
> ...
> Well ... does auditd provide a record of every command issued within a
> script?
> I was under the impression (and I may well be wrong) that it noted only
> the name of the script being executed.

Even if you configured auditd to record every command issued within a
script, you'd still have a problem if a malicious user put the same
commands inside a binary.

As some people already pointed out, there is practically no way to
control users once you give them root privileges.

The only thing that would really solve your problem is probably
something like http://www.balabit.com/network-security/scb/features
(no personal experience with it, but seems it does what you need).

-- 
Nino


