User Auditing
m.roth at 5-cent.us
m.roth at 5-cent.us
Thu Sep 23 15:52:16 UTC 2010
Marti, Robert wrote:
> I'm a fan of auditing root keystrokes and shipping them off the box - you
> can see what happens if your server gets compromised or if you have a
> disgruntled employee by setting up alerts on the log correlation box.
> Plus it allows a historical view of an event that bash_history doesn't
> always - especially if the admin doesn't use a shell that has a history.
> Auditing normal users, however, typically isn't worth it.
>
Ok, if you *know* you have a disgruntled employee. However, I worked at a
place about 4 years ago that implemented command logging of *every*
command of *every* user. Slowed the system down, visibly... and IMO,
created a hostile work environment, telling the employees that no,
management *did not* trust them, an attitude guaranteed to turn gruntled
employees into disgruntled ones. <g>
You'll note I don't work there anymore (though that was for more reasons
than just this).
<snip>
mark
More information about the redhat-list
mailing list