Recording user commands (from RE: Linux-audit Digest, Vol 31, Issue 12)

Valdis.Kletnieks at vt.edu
Fri Apr 27 21:38:59 UTC 2007


On Fri, 27 Apr 2007 16:28:17 EDT, Paul Moore said:

> I believe that would miss all of the shell built-in commands though, wouldn't
> it?  Not sure if we would care, but you can do some interesting things with 
> the built-ins ... (although maybe you could capture that through additional 
> audit watches/syscalls/etc.)

# perl -e 'while (<>) {eval $_;}'

Doing proper auditing of what a user is doing is harder than it looks.
Have a nice day. :)
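
An added example, not part of the original message: a small parser for auditd-style EXECVE records that marks where an execve-based command trail goes blind, for both the shell built-in case and the perl one-liner above. The log lines are constructed, and the names `SAMPLE_LOG`, `INLINE_FLAGS`, `parse_execve` and `blind_spots` are illustrative.

```python
import os
import re

# Constructed records (not from the post). In auditd EXECVE records, arguments
# with spaces or quotes are hex-encoded and unquoted; plain ones are quoted.
SAMPLE_LOG = """\
type=EXECVE msg=audit(1177709939.101:501): argc=2 a0="ls" a1="-l"
type=EXECVE msg=audit(1177709940.202:502): argc=3 a0="perl" a1="-e" a2=7768696C6520283C3E29207B6576616C20245F3B7D
type=EXECVE msg=audit(1177709950.303:503): argc=3 a0="/bin/sh" a1="-c" a2=6563686F206869
type=EXECVE msg=audit(1177709960.404:504): argc=2 a0="python3" a1="report.py"
"""

# Interpreter options that take program text on the command line. Anything the
# interpreter evaluates afterwards (built-ins, eval'd stdin) makes no execve.
INLINE_FLAGS = {"perl": {"-e", "-E"}, "ruby": {"-e"}, "python": {"-c"},
                "python3": {"-c"}, "sh": {"-c"}, "bash": {"-c"}}

ARG_RE = re.compile(r'\ba(\d+)=("[^"]*"|[0-9A-Fa-f]+)')
SERIAL_RE = re.compile(r'msg=audit\([\d.]+:(\d+)\)')


def parse_execve(line):
    """Return (event serial, decoded argv) for an EXECVE record, else None."""
    if not line.startswith("type=EXECVE"):
        return None
    serial = int(SERIAL_RE.search(line).group(1))
    argv = {}
    for idx, raw in ARG_RE.findall(line):
        if raw.startswith('"'):
            argv[int(idx)] = raw[1:-1]
        else:  # hex-encoded argument
            argv[int(idx)] = bytes.fromhex(raw).decode("utf-8", "replace")
    return serial, [argv[i] for i in sorted(argv)]


def blind_spots(log):
    """Return [(serial, argv)] for execs whose later activity is not in EXECVE records."""
    hits = []
    for line in log.splitlines():
        rec = parse_execve(line)
        if rec is None or not rec[1]:
            continue
        serial, argv = rec
        flags = INLINE_FLAGS.get(os.path.basename(argv[0]), set())
        if flags.intersection(argv[1:]):
            hits.append((serial, argv))
    return hits


if __name__ == "__main__":
    for serial, argv in blind_spots(SAMPLE_LOG):
        print(f"event {serial}: {argv!r} -> code run inside it leaves no EXECVE record")
```

Event 502 is the only record the perl session produces; whatever is fed to it on stdin appears in the audit log only as the syscalls it makes, if those are being audited at all.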