On Mon, Apr 20, 2009 at 09:22:35AM +0100, Zavodsky, Daniel (GE Money) wrote: > I do not know if this is very helpful security-wise. The only > way to reliably log root activity is sending it somewhere else e.g. via > the network. In single user mode there is no network and since a user > has root access to the system, they can delete or alter the log file. > On enterprise storage there is usually the option to disallow > rewriting of already written blocks on certain LUNs which can be used > for the purpose of secure logging of root activity too.
Yes, when you have local root access, all bets are off. But, the system he is talking about does have preventative measures in place, hence the /bin/pdksh he wants to use. If the user somehow gains access to and changes the Grub config, then he can undo all the changes and the logging, but this won't be as straight forward as with the vanilla Bash, and if you can't trust them that far, then what can you do? -- Justin Cook _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
