February 4th, 2009, 11:25 AM
tracking of users
I run a bunch of Red Hat servers that are pretty tightly secured (Osiris, Snort+BASE, behind 2 different firewalls, 2-factor auth, VPN access, etc.), yet for support purposes I have to allow remote access to the soft editor through a jump box and then use sudo for any commands.
With Osiris I'm able to see the files changed etc., which is excellent but not enough.
With sudo I can track any of the commands issued.
My issue is that the application is text menu driven, and I don't get to see the options chosen... those never make it to my log server, which makes my traceability quite difficult.
I've thought of setting up a key logger, but I wanted to check if there were any other options before making such a radical move.
assembly.... digital dna ?
February 5th, 2009, 09:19 PM
A lot of server programs keep log files... Apache, SSL, Squid, etc. I'm not familiar with how VPN works, so I apologize for my inability to give a good answer. I personally view logs for all my servers using Webmin. Maybe it can help?