Hi, Thanks to: Kim, Daniel J Glass, David sunsrv@blr.cmc.net.in Robert Brockway Tim Evans mike salehi Santos, Ramiro Doug Winter Mortensen, Henrik Johan Hartzenberg Kim, Daniel J ed rolison JULIAN, JOHN C Tim Thomas john65@pobox.com Jeff Lucas Eric Shafto adam zimmerman Summary: A lot of people pointed out that root could almost always work his/her way around any auditing measures setup, and that the company should hire root users they trust. I personally agree with this, but at the same time I can see why you would want to audit the root account - especially in a company where root rould potentially send large financial payments to external accounts. The response seemed to be divided into 3 answers: 1. Use sudo or a similar packet. While this is a good idea, it would be a pain to maintain and administer. Every time you'd need to run something as root, you'd basically have to setup the whole environment etc. in the same sudo command. 2. Setup a syslog server which root doesn't have access to and let your system log everything to this server. 3. User PowerBroker from SyMark software. While this seems like a good tool, for our purpose it would cost about fifty thousand USD which seems a bit much for auditing one account. Original question: Does anyone know any good tools for auditing root activity? Our PHBs would like some sort of auditing so they can see what we get up to. Are there any ready-made tools out there? One solution would be to use the 'script' command in root's profile (that's basically the functionality we're trying to achieve), but that obviously would only work if you did an 'su -' as opposed to an 'su'. Process accounting doesn't really do the trick. Partly it's too much overhead, partly we'll not see all arguments and switches that are passed to a command. We would prefer a cross-platform solution as we need to monitor HP-UX servers as well. Cheers, Thorfinn ************************************************************************************************************ More information on Standard Bank is available at www.standardbank.com Everything in this email and any attachments relating to the official business of Standard Bank Group Limited and any or all subsidiaries, the Company, is proprietary to the Company. It is confidential, legally privileged and protected by relevant laws. The Company does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of the Company. The person or persons addressed in this email are the sole authorised recipient. Please notify the sender immediately if it has unintentionally, or inadvertently reached you and do not read, disclose or use the content in any way and delete this e-mail from your system. The Company cannot ensure that the integrity of this email has been maintained nor that it is free of errors, virus, interception or interference. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments. *********************************************************************************************************** _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Wed Sep 4 08:12:02 2002
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:54 EST