redhat-list Digest, Vol 64, Issue 10

Amin, Dipam Dipam.Amin at gs.com
Wed Jun 10 16:56:38 UTC 2009



----- Original Message -----
From: redhat-list-bounces at redhat.com <redhat-list-bounces at redhat.com>
To: redhat-list at redhat.com <redhat-list at redhat.com>
Sent: Wed Jun 10 12:00:30 2009
Subject: redhat-list Digest, Vol 64, Issue 10

Send redhat-list mailing list submissions to
        redhat-list at redhat.com

To subscribe or unsubscribe via the World Wide Web, visit
        https://www.redhat.com/mailman/listinfo/redhat-list
or, via email, send a message with subject or body 'help' to
        redhat-list-request at redhat.com

You can reach the person managing the list at
        redhat-list-owner at redhat.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of redhat-list digest..."


Today's Topics:

   1. Re: users logs (Abdelkader Yousfi)
   2. Re: users logs (mark)
   3. Re: users logs (Abdelkader Yousfi)
   4. Re: users logs (mark)
   5. ftp ssl (Troy Knabe)
   6. RE: ftp ssl (Henrik Schmiediche)
   7. RE: ftp ssl (Florez, Nestor)
   8. RE: users logs (Percy Barboza)
   9. RE: users logs (Marti, Rob)
  10. Re: users logs (mark)
  11. RE: users logs (Marti, Rob)
  12. Re: users logs (mark)
  13. hi (lakhan goud)
  14. stunnel connection retries flooding the firewall (Kenneth Holter)
  15. Re: users logs (Phebe_Mertes at aotx.uscourts.gov)
  16. Re: users logs (George Magklaras)
  17. RE: users logs (Marti, Rob)


----------------------------------------------------------------------

Message: 1
Date: Tue, 9 Jun 2009 19:08:07 +0100
From: Abdelkader Yousfi <yousfia at gmail.com>
Subject: Re: users logs
To: General Red Hat Linux discussion list <redhat-list at redhat.com>
Message-ID:
        <ca6218bb0906091108u53640752rd1ab7d7522926d7d at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

So you mean there is no way of having each command entered by each user except
by getting the bash_history file!!!
Because I want to make my system more secure and see what each user does or
is doing in the shell.
Thx!

On Tue, Jun 9, 2009 at 4:40 PM, mark <m.roth2006 at rcn.com> wrote:

> Abdelkader Yousfi wrote:
> > All,
> >
> > How can we know on RHEL what each user is doing on the system (commands,
> > file accessing...etc)?
> > Thanks!
>
> Are you talking about *every* *single* *command* (assuming we're not talking
> X here, but shell), or just when they issue commands with root privilege?
>
> If the latter, they should be using sudo most of the time, and then
> everything will be logged in /var/log/secure.
>
> If you mean the former, that's inane. They started doing that at a major
> corporation I worked at in '03, allegedly as part of their SOX
> (Sarbanes-Oxley) compliance, and it's a bad joke; it's more "if anyone ever
> asks, we'll bury them under so much info that they'll never find what
> they're looking for".
>
> Really - what do you actually *need* to know? What are you trying to
> achieve? Logging everything that everyone does, say, by copying their
> .bash_history file every few minutes, or adding a shell wrapper that logs
> it, the way the company I worked for did, for more than a handful of people
> will *bury* you.
>
> While we're at it, though I hate it, are you using selinux?
>
>        mark
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>



--
Best Regards,
Abdelkader


------------------------------

Message: 2
Date: Tue, 09 Jun 2009 13:17:21 -0500
From: mark <m.roth2006 at rcn.com>
Subject: Re: users logs
To: General Red Hat Linux discussion list <redhat-list at redhat.com>
Message-ID: <4A2EA731.9010302 at rcn.com>
Content-Type: text/plain; charset=ISO-8859-1

Abdelkader Yousfi wrote:
> So you mean there is no way of having each command entered by each user except
> by getting the bash_history file!!!
> Because I want to make my system more secure and see what each user does or
> is doing in the shell.
> Thx!
>
I am now questioning *why* you want to do this. Is this a requirement from
management, and, if so, for what reason? Do you believe someone inside is
grossly violating company policy, or doing corporate espionage?

        mark



------------------------------

Message: 3
Date: Tue, 9 Jun 2009 19:32:56 +0100
From: Abdelkader Yousfi <yousfia at gmail.com>
Subject: Re: users logs
To: General Red Hat Linux discussion list <redhat-list at redhat.com>
Message-ID:
        <ca6218bb0906091132v2b025629td30b68894e3ac343 at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

I want to get these tips for preventive reasons, in case of violations or
someone doing something silly like changing config files, etc.
AY.




--
Best Regards,
Abdelkader


------------------------------

Message: 4
Date: Tue, 09 Jun 2009 13:48:32 -0500
From: mark <m.roth2006 at rcn.com>
Subject: Re: users logs
To: General Red Hat Linux discussion list <redhat-list at redhat.com>
Message-ID: <4A2EAE80.8040506 at rcn.com>
Content-Type: text/plain; charset=ISO-8859-1

Abdelkader Yousfi wrote:
> I want to get these tips for preventive reasons, in case of violations or
> someone doing something silly like changing config files, etc.
> AY.

Right. Ok, as I just said the other day, NO USERS EVER GET THE ROOT PASSWORD.
End of discussion.

*Nix is intended, from the git-go, as a multiuser system (unlike a certain o/s
from Redmond). User accounts are intended to be what users log into; they
should *not* log into root.

Some of the stricter companies have pushed no root login, even from the
console, so that admins who need to work as root have to sudo or su to root.

Btw, this obviously is not the case for single user mode....

ONLY ones who have an actual need, that *your* manager approves, get sudo
privilege, and you can limit what commands they use, such as "user backup is
allowed to sudo rsync".

And *then* you've got records in /var/log/secure.

        mark
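
Added example, not part of mark's message or the thread: one way to review the sudo records that land in /var/log/secure against the kind of per-user allowance described above ("user backup is allowed to sudo rsync"). The log lines are constructed samples in sudo's syslog format; the host name, paths and the sudoers rule shown in the comment are assumptions.

```python
import re

# Constructed sample lines in the syslog format sudo writes to /var/log/secure.
SAMPLE_SECURE_LOG = """\
Jun  9 13:50:01 db01 sudo:   backup : TTY=pts/1 ; PWD=/home/backup ; USER=root ; COMMAND=/usr/bin/rsync -a /srv/data /mnt/backup
Jun  9 13:52:17 db01 sshd[2211]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
Jun  9 13:53:40 db01 sudo:    alice : command not allowed ; TTY=pts/2 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/vi /etc/named.conf
Jun  9 13:55:02 db01 sudo:   backup : TTY=pts/1 ; PWD=/home/backup ; USER=root ; COMMAND=/bin/bash
Jun  9 13:58:44 db01 sudo:      bob : user NOT in sudoers ; TTY=pts/3 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/less /var/log/secure
"""

# Intended policy (assumption), matching a sudoers rule such as:
#   backup  ALL = (root) /usr/bin/rsync
APPROVED = {"backup": {"/usr/bin/rsync"}}

SUDO_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssudo(?:\[\d+\])?:\s+"
    r"(?P<user>\S+) : (?P<body>.*)$"
)


def parse_sudo_line(line):
    """Return a dict for a sudo command record, or None for any other line."""
    m = SUDO_LINE.match(line)
    if not m:
        return None
    # COMMAND= is the last field, and the command itself may contain " ; ",
    # so split it off first instead of splitting the whole body on " ; ".
    head, sep, command = m.group("body").partition("COMMAND=")
    if not sep:
        return None
    event = {
        "ts": m.group("ts"),
        "host": m.group("host"),
        "user": m.group("user"),
        "run_as": None,
        "status": "allowed",
        "command": command,
    }
    for field in head.split(" ; "):
        field = field.strip()
        if field.startswith("USER="):
            event["run_as"] = field[len("USER="):]
        elif field and "=" not in field:
            # A field without key=value is sudo's refusal reason.
            event["status"] = field
    return event


def audit(lines, approved):
    """List records sudo refused, or allowed outside the approved commands."""
    findings = []
    for line in lines:
        ev = parse_sudo_line(line)
        if ev is None:
            continue
        executable = ev["command"].split(" ", 1)[0]
        if ev["status"] != "allowed":
            reason = "refused by sudo: " + ev["status"]
        elif executable not in approved.get(ev["user"], ()):
            # sudo let it run, so sudoers is wider than the intended policy.
            reason = "outside approved list"
        else:
            continue
        findings.append(dict(ev, reason=reason))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_SECURE_LOG.splitlines(), APPROVED):
        print(f"{f['ts']} {f['user']}: {f['reason']}: {f['command']}")
```
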



------------------------------

Message: 5
Date: Tue, 9 Jun 2009 13:26:02 -0700
From: Troy Knabe <knabe at 4j.lane.edu>
Subject: ftp ssl
To: Red Hat Linux discussion list <redhat-list at redhat.com>
Message-ID: <BB8AB8F7-C63C-4B65-AB41-5AD869C39DC3 at 4j.lane.edu>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes

I have to connect to a client who only allows ftp ssl (not sftp, and
not scp).  I need to script it so that I can download the files
nightly.  Does anyone have a good linux application and/or
documentation source that they recommend?

Thanks

--
Troy Knabe
knabe at 4j.lane.edu







------------------------------

Message: 6
Date: Tue, 9 Jun 2009 15:27:32 -0500
From: "Henrik Schmiediche" <henrik at stat.tamu.edu>
Subject: RE: ftp ssl
To: "'General Red Hat Linux discussion list'" <redhat-list at redhat.com>
Message-ID: <000601c9e940$b79f02c0$26dd0840$@tamu.edu>
Content-Type: text/plain;       charset="US-ASCII"


wget?

  - Henrik




------------------------------

Message: 7
Date: Tue, 9 Jun 2009 13:29:22 -0700
From: "Florez, Nestor" <NFlorez at sdcwa.org>
Subject: RE: ftp ssl
To: "General Red Hat Linux discussion list" <redhat-list at redhat.com>
Message-ID:
        <1CF7137E18C1234082F572E8A816DFAE12C331B5 at Octopus.sdcwa.org>
Content-Type: text/plain;       charset="iso-8859-1"

How about something like this and set up a cron job


:-)
----------
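#!/bin/sh
# Placeholder connection settings; replace with real values.
HOST='myhost'
USER='myuser'
PASSWD='mypwd'
FILE='myfile'

# -n turns off auto-login so the USER/PASS commands below do the login.
ftp -n "$HOST" <<END_SCRIPT
quote USER $USER
quote PASS $PASSWD
get $FILE
quit
END_SCRIPT
exit 0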
------------------
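
Added example, not from the thread: a scripted download over explicit FTPS (AUTH TLS on port 21) with Python's standard ftplib, for the nightly job asked about above. The host, file names and the `user:password` credentials file are assumptions; a server that only offers implicit FTPS is not covered, since ftplib does not provide that mode directly.

```python
import os
import ssl
import stat
from ftplib import FTP_TLS
from pathlib import Path


def load_credentials(path):
    """Read 'user:password' from a file that only its owner can access."""
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible to group/other; chmod 600 it")
    with open(path, encoding="utf-8") as fh:
        user, sep, password = fh.readline().rstrip("\n").partition(":")
    if not sep or not user:
        raise ValueError("expected a single line of the form user:password")
    return user, password


def make_tls_context(ca_file=None):
    """TLS settings for the control and data channels."""
    # create_default_context() already requires a valid certificate and a
    # matching host name; ca_file lets a private CA be trusted as well.
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def fetch_over_ftps(host, user, password, remote_name, dest_dir,
                    ca_file=None, timeout=30):
    """Download one file over explicit FTPS and return the local path."""
    dest = Path(dest_dir) / Path(remote_name).name
    tmp = dest.with_name(dest.name + ".part")
    ftps = FTP_TLS(context=make_tls_context(ca_file), timeout=timeout)
    try:
        ftps.connect(host, 21)
        ftps.login(user, password)  # sends AUTH TLS before USER/PASS
        ftps.prot_p()               # encrypt the data channel too
        with open(tmp, "wb") as fh:
            ftps.retrbinary("RETR " + remote_name, fh.write)
        ftps.quit()
    except Exception:
        # Never leave a half-written file where the next job would read it.
        tmp.unlink(missing_ok=True)
        raise
    finally:
        ftps.close()
    tmp.replace(dest)  # rename into place only after a complete transfer
    return dest


if __name__ == "__main__":
    # Hypothetical values for a nightly cron job.
    user, password = load_credentials("/etc/nightly-ftps.cred")
    print(fetch_over_ftps("ftps.example.com", user, password,
                          "export.csv", "/var/spool/nightly"))
```
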




------------------------------

Message: 8
Date: Tue, 9 Jun 2009 21:37:12 +0000
From: Percy Barboza <p_barboza at hotmail.com>
Subject: RE: users logs
To: General Red Hat Linux discussion list <redhat-list at redhat.com>
Message-ID: <BAY101-W10A33DA9D4C4F339A8CFD387440 at phx.gbl>
Content-Type: text/plain; charset="iso-8859-1"


Tripwire??

percy


------------------------------

Message: 9
Date: Tue, 9 Jun 2009 16:42:44 -0500
From: "Marti, Rob" <RJM002 at shsu.edu>
Subject: RE: users logs
To: General Red Hat Linux discussion list <redhat-list at redhat.com>
Message-ID:
        <8FAC1E47484E43469AA28DBF35C955E4A494948C74 at EXMBX.SHSU.EDU>
Content-Type: text/plain; charset="us-ascii"

If you're using RHEL5 you can enable bash auditing.  I don't think the same solution exists for RHEL4 (yet?).

As far as why, I've been requested to set it up for PCI compliance (since developers have access to credit card numbers, etc. without going through sudo) but all my CC handling servers are RHEL4 so... :-/

Rob Marti




------------------------------

Message: 10
Date: Tue, 09 Jun 2009 16:50:51 -0500
From: mark <m.roth2006 at rcn.com>
Subject: Re: users logs
To: General Red Hat Linux discussion list <redhat-list at redhat.com>
Message-ID: <4A2ED93B.1030907 at rcn.com>
Content-Type: text/plain; charset=ISO-8859-1

Marti, Rob wrote:
> If you're using RHEL5 you can enable bash auditing.  I don't think the same
> solution exists for RHEL4 (yet?).
>
> As far as why, I've been requested to set it up for PCI compliance (since
> developers have access to credit card numbers, etc. without going through
> sudo) but all my CC handling servers are RHEL4 so... :-/

Oh.

I came off a contract the end of April at a company that's both a root CA, and
does managed security for PCI/CSS, so I have a clue what you're dealing with.

One question: the *developers* have access to numbers, and not test numbers? I
believe that you can request card numbers with info explicitly for development
and testing. All the rest should be encrypted everywhere where it's not inside
a secure subnet, and they'd prefer then, as well, if I understand it correctly.

        mark



------------------------------

Message: 11
Date: Tue, 9 Jun 2009 16:55:04 -0500
From: "Marti, Rob" <RJM002 at shsu.edu>
Subject: RE: users logs
To: General Red Hat Linux discussion list <redhat-list at redhat.com>
Message-ID:
        <8FAC1E47484E43469AA28DBF35C955E4A494948C75 at EXMBX.SHSU.EDU>
Content-Type: text/plain; charset="us-ascii"

Yeah, the developers sometimes have to troubleshoot code on production systems (we try to split dev and prod but are not always successful).  We're working on a better split, but it's not just CC numbers... socials in the database, etc.

Bash auditing is pretty win.

Rob Marti




------------------------------

Message: 12
Date: Tue, 09 Jun 2009 17:15:18 -0500
From: mark <m.roth2006 at rcn.com>
Subject: Re: users logs
To: General Red Hat Linux discussion list <redhat-list at redhat.com>
Message-ID: <4A2EDEF6.1000205 at rcn.com>
Content-Type: text/plain; charset=ISO-8859-1

Marti, Rob wrote:
> Yeah, the developers sometimes have to troubleshoot code on production
> systems (we try to split dev and prod but are not always successful).  We're
> working on a better split, but it's not just CC numbers... socials in the
> database, etc.

Oh, boy. If everyone's not already had criminal background & credit checks, I
suspect it's coming sooner rather than later.
>
> Bash auditing is pretty win.
>
As I said, I still think that you'll wind up with so much info that trying to
find anything relevant will be a major task.

        mark



------------------------------

Message: 13
Date: Wed, 10 Jun 2009 16:38:27 +0530
From: lakhan goud <lakchman143 at gmail.com>
Subject: hi
To: redhat-list at redhat.com
Message-ID:
        <92f8c7c20906100408h43d66e84t4776df0917ff71cc at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

Please send me the DNS server configuration for RHEL 5.2, step by step.



Thank you so much


------------------------------

Message: 14
Date: Wed, 10 Jun 2009 14:13:42 +0200
From: Kenneth Holter <kenneho.ndu at gmail.com>
Subject: stunnel connection retries flooding the firewall
To: redhat-list at redhat.com
Message-ID:
        <c25f25140906100513mfdad0d4x3387a22c52513b14 at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

Hi all.


We're using stunnel to transport syslog messages from clients to a central
log host. During a problem with our firewall, in which the clients lost
connection with the log host, I discovered that the syslog clients never
seemed to give up trying to contact the log host. This resulted in an
enormous amount of connection retries. I'm not sure if this is a feature of
TLS or TCP, but if I remember correctly TCP gives up after seven retries.

Now I'm worried about what will happen when I bring down the log host for
maintenance - will the clients flood the firewalls causing general network
problems? I figure I'll need to reduce the retry interval or take some other
measures.

If anyone knows how to go about dealing with this issue I'd greatly appreciate
some hints.

Regards,
Kenneth Holter


------------------------------

Message: 15
Date: Wed, 10 Jun 2009 07:26:37 -0500
From: Phebe_Mertes at aotx.uscourts.gov
Subject: Re: users logs
To: General Red Hat Linux discussion list <redhat-list at redhat.com>
Message-ID:
        <OFD783EFEA.867F6A94-ON862575D1.004438E7-862575D1.00445847 at uscmail.uscourts.gov>

Content-Type: text/plain; charset=US-ASCII

http://logcheck.org/

is how I used to ignore message log entries I didn't want to see, but it
was still mind numbing work to review the filtered logs every morning from
all the servers.

Phebe Mertes
210-301-6271








------------------------------

Message: 16
Date: Wed, 10 Jun 2009 15:00:31 +0200
From: George Magklaras <georgios at biotek.uio.no>
Subject: Re: users logs
To: General Red Hat Linux discussion list <redhat-list at redhat.com>
Message-ID: <4A2FAE6F.9090308 at biotek.uio.no>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

I have read your request and followed a bit the rather long thread. One
way to tackle this issue, addressing the bad folk within and beyond is
to use an execve logger. You might find my MPhil thesis interesting:

http://folk.uio.no/georgios/papers/magklarasmphilthesis.pdf

Page 202 of the Appendix contains sample code employing an execve
logging wrapper. What this does is to give you all the commands execv-ed
per user ID and dump them via syslogd to a suitable location. Collecting
shell history files is not a good idea because it might omit important
info and a simple text file is easily erasable by someone who is serious
about covering his tracks. A log wrapper is not immune to a skilled
attacker determined to cover his/her tracks but it is more difficult to
circumvent. This should give you commands and arguments.

Be warned however that on a very busy system, this can I/O starve your
machine. In fact, I am re-writing the wrapper calls to address these issues.

Hope this helps.

--
--
George Magklaras BSc Hons MPhil
RHCE:805008309135525

Senior Computer Systems Engineer/UNIX-Linux Systems Administrator
EMBnet Technical Management Board
The Biotechnology Centre of Oslo,
University of Oslo
http://folk.uio.no/georgios

Tel: +47-22840535

--

Abdelkader Yousfi wrote:
> All,
>
> How can we know on RHEL what each users is doing on the system (commands,
> file accessing...etc)?
> Thanks!
>
> Best Regards,
> Abdelkader Y.
> VAS & Intelligent Network Team Leader






------------------------------

Message: 17
Date: Wed, 10 Jun 2009 08:05:55 -0500
From: "Marti, Rob" <RJM002 at shsu.edu>
Subject: RE: users logs
To: "'General Red Hat Linux discussion list'" <redhat-list at redhat.com>
Message-ID:
        <8FAC1E47484E43469AA28DBF35C955E4A494948C78 at EXMBX.SHSU.EDU>
Content-Type: text/plain; charset="us-ascii"

My problem with many of the attempts at logging the commands a user runs (and I haven't looked at yours George, so if yours does this then ignore me :) is they don't take things like vim into account.  If you vim a file, you can launch a shell from within that vim session and not have any of the normal logging process.  The bash auditing that RH set up for RHEL5 logs every keystroke, in and out of vim, etc.

Now, I'm not saying that I'd peruse these logs daily.  They'd only be of any use after the fact on any system that gets any real use.  And, to make sure that none of the data is corrupted remote logging is required.

Rob Marti
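
Added example, not from the thread or from the thesis cited in it: how exec-level records of the kind George describes (commands per user ID, sent to syslog) can be grouped per user and checked for the case Rob raises, a shell started from inside an editor. The `execlog:` record format, field names, hosts and PIDs are hypothetical and the log lines are constructed.

```python
import re
import shlex
from collections import defaultdict
from os.path import basename

# Constructed sample records from a hypothetical execve logger writing to syslog.
SAMPLE_EXEC_LOG = """\
Jun 10 08:01:12 app01 execlog: uid=1001 pid=4312 ppid=4300 exe=/usr/bin/vim argv="vim notes.txt"
Jun 10 08:01:40 app01 execlog: uid=1001 pid=4320 ppid=4312 exe=/bin/bash argv="/bin/bash"
Jun 10 08:01:55 app01 execlog: uid=1001 pid=4325 ppid=4320 exe=/bin/cp argv="cp /etc/named.conf /tmp/named.conf"
Jun 10 08:02:03 app01 execlog: uid=1002 pid=4400 ppid=4390 exe=/bin/ls argv="ls -l /var/www"
Jun 10 08:02:30 app01 crond[811]: (root) CMD (run-parts /etc/cron.hourly)
"""

SHELLS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh"}
# Programs that can start a shell for the user from inside their own session.
INTERACTIVE_PARENTS = {"vi", "vim", "view", "less", "more", "man"}

RECORD = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sexeclog:\s(?P<kv>.*)$")


def parse_event(line):
    """Return one exec record as a dict, or None if the line is not one."""
    m = RECORD.match(line)
    if not m:
        return None
    try:
        # shlex keeps the quoted argv value together as a single token.
        tokens = shlex.split(m.group("kv"))
        fields = dict(tok.split("=", 1) for tok in tokens if "=" in tok)
        return {
            "ts": m.group("ts"),
            "uid": int(fields["uid"]),
            "pid": int(fields["pid"]),
            "ppid": int(fields["ppid"]),
            "exe": fields["exe"],
            "argv": fields["argv"],
        }
    except (KeyError, ValueError):
        return None  # truncated or malformed record


def analyse(lines):
    """Return (commands per uid, records reached through an editor shell)."""
    exe_of = {}    # pid -> basename of the image it last exec'd
    escaped = {}   # pid -> program whose shell escape this process descends from
    by_uid = defaultdict(list)
    flagged = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        name = basename(ev["exe"])
        parent = exe_of.get(ev["ppid"])
        if ev["ppid"] in escaped:
            via = escaped[ev["ppid"]]          # child of an escaped shell
        elif name in SHELLS and parent in INTERACTIVE_PARENTS:
            via = parent                       # the shell escape itself
        else:
            via = None
        if via is not None:
            escaped[ev["pid"]] = via
            flagged.append(dict(ev, via=via))
        # PIDs are reused over time; a long-running collector would also
        # need exit records (or a time window) to expire these entries.
        exe_of[ev["pid"]] = name
        by_uid[ev["uid"]].append(ev["argv"])
    return dict(by_uid), flagged


if __name__ == "__main__":
    per_user, suspicious = analyse(SAMPLE_EXEC_LOG.splitlines())
    for uid, commands in sorted(per_user.items()):
        print(uid, commands)
    for ev in suspicious:
        print(f"{ev['ts']} uid={ev['uid']} via {ev['via']}: {ev['argv']}")
```
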




------------------------------


End of redhat-list Digest, Vol 64, Issue 10
*******************************************



