-
February 4th, 2009, 12:25 PM
#1
tracking of users
Hi,
I run a bunch of Red Hat servers that are pretty tightly secured (Osiris, Snort+BASE, behind 2 different firewalls, 2-factor auth VPN access, etc.), yet for support purposes I have to allow remote access to the soft editor through a jump box and then use sudo for any commands.
With Osiris I'm able to see the files changed etc., which is excellent but not enough.
With sudo I can track any of the commands issued.
My issue is that the application is text-menu driven, and I don't get to see the options chosen... those never make it to my log server. Which makes my traceability quite difficult.
I've thought of setting up a key logger, but I wanted to check if there were any other options before making such a radical move.
assembly.... digital dna ?
-
February 5th, 2009, 10:19 PM
#2
A lot of server programs keep log files... apache, ssl, squid, etc. I'm not familiar with how VPN works, so I apologize for my inability to give a good answer. I personally view logs for all my servers using webmin. Maybe it can help?