Date:      Fri, 07 Dec 2012 07:54:56 -0600
From:      Tim Daneliuk <tundra@tundraware.com>
To:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: Somewhat OT: Is Full Command Logging Possible?
Message-ID:  <50C1F530.2070708@tundraware.com>
In-Reply-To: <04283347-1955-4C49-9ADD-6D2FBB1B0EDC@my.gd>
References:  <50BFD674.8000305@tundraware.com> <8BFA2629-45CA-491B-9BA8-E8AC78A4D66E@my.gd> <50BFDCFD.4010108@tundraware.com> <CALf6cgb0%2BGXrtTymOPOmjV_C2sk7EaGK=qJOF2z4mB3pQkzV_g@mail.gmail.com> <50C0EFA4.3010902@tundraware.com> <6A61448BD1FE69ED206EB42E@utd71538.campus.ad.utdallas.edu> <04283347-1955-4C49-9ADD-6D2FBB1B0EDC@my.gd>

On 12/07/2012 03:23 AM, Fleuriot Damien wrote:
> - audit trails cannot be tampered (chflags sappend)

Another way to achieve this is to send the logging output
to another log collection machine or appliance (think
"Arcsite") to which even the root users under consideration
do not have access.  That is, implement a separation of powers
scheme where no one organization has complete control of
the entire monitoring workflow.


-- 
----------------------------------------------------------------------------
Tim Daneliuk     tundra@tundraware.com
PGP Key:         http://www.tundraware.com/PGP/



