Hello,
I do not know if this is very helpful security-wise. The only
way to reliably log root activity is sending it somewhere else e.g. via
the network. In single user mode there is no network and since a user
has root access to the system, they can delete or alter the log file.
On enterprise storage there is usually the option to disallow
rewriting of already written blocks on certain LUNs which can be used
for the purpose of secure logging of root activity too.
Regards,
Daniel
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Justin Cook
Sent: Monday, April 20, 2009 8:38 AM
To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
Subject: Re: [rhelv5-list] Regarding boot in single user
On Sun, Apr 19, 2009 at 03:44:28PM -0700, Lavannya wrote:
> In single user mode , in absence of powerbroker master , it keeps the
> log in / as pbshell.log, and it will keep all the key strokes ( if
the policy is created) in this file. So my intention is i want to keep
all the key strokes of the users who logged in as root.
>
> Yes I tested though, root=/bin/pbksh in the kernel line and it
workied. But , no users will type that option, as because for key
stroke logging. So i want if something i can set it ,that way by default
the shell willbe set as /bin/pbksh.
>
> Thanks again for your help and suggession.
So, why don't you create the grub entry for them so they can select it
at boot, and then password protect Grub? This is a much cleaner option
and this is why grub has this facility in the first place.
Regards,
--
Justin Cook
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
