[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: User Auditing



Marti, Robert wrote:
> I'm a fan of auditing root keystrokes and shipping them off the box - you
> can see what happens if your server gets compromised or if you have a
> disgruntled employee by setting up alerts on the log correlation box.
> Plus it allows a historical view of an event that bash_history doesn't
> always - especially if the admin doesn't use a shell that has a history.
> Auditing normal users, however, typically isn't worth it.
>
Ok, if you *know* you have a disgruntled employee. However, I worked at a
place about 4 years ago that implemented command logging of *every*
command of *every* user. Slowed the system down, visibly... and IMO,
created a hostile work environment, telling the employees that no,
management *did not* trust them, an attitude guaranteed to turn gruntled
employees into disgruntled ones. <g>

You'll note I don't work there anymore (though that was for more reasons
than just this).
<snip>

         mark



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]