Date:      Fri, 7 Dec 2012 09:29:27 +0100
From:      Damien Fleuriot <ml@my.gd>
To:        "tundra@tundraware.com" <tundra@tundraware.com>
Cc:        n j <nino80@gmail.com>, FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: Somewhat OT: Is Full Command Logging Possible?
Message-ID:  <FA2CC733-B135-4F15-A0E7-A8B0EA106244@my.gd>
In-Reply-To: <50C0EFA4.3010902@tundraware.com>
References:  <50BFD674.8000305@tundraware.com> <8BFA2629-45CA-491B-9BA8-E8AC78A4D66E@my.gd> <50BFDCFD.4010108@tundraware.com> <CALf6cgb0%2BGXrtTymOPOmjV_C2sk7EaGK=qJOF2z4mB3pQkzV_g@mail.gmail.com> <50C0EFA4.3010902@tundraware.com>


On 6 Dec 2012, at 20:19, Tim Daneliuk <tundra@tundraware.com> wrote:

> On 12/06/2012 12:55 PM, n j wrote:
>> On Thu, Dec 6, 2012 at 12:47 AM, Tim Daneliuk <tundra@tundraware.com> wrote:
>>> ...
>>> Well ... does auditd provide a record of every command issued within a
>>> script?
>>> I was under the impression (and I may well be wrong) that it noted only
>>> the name of the script being executed.
>>
>> Even if you configured auditd to record every command issued within a
>> script, you'd still have a problem if a malicious user put the same
>> commands inside a binary.
>>
>> As some people already pointed out, there is practically no way to
>> control users once you give them root privileges.
>
> I understand this.  Even the organization in question understands
> this.  They are not trying to *prevent* any kind of access.  All
> they're trying to do is *log* it.  Why?  To meet some obscure
> compliance requirement they have to adhere to in order to
> remain in business.
>
> <rant>
> I know all of this is silly but that's our future when you
> let Our Fine Government regulate pretty much anything.
> </rant>
>

This sounds awfully similar to PCI DSS requirements to me.

Nothing to do with .gov then ;)


