On 2011 Nov 15, at 19:04 , Jo Rhett wrote: > On Nov 15, 2011, at 4:49 PM, Mark McCullough wrote:
> Ah, we're syslogging to a closed system so that's not the issue. Wasn't an option in our build (syslog, not just syslog to closed system). >> I admit, my experience with rootsh is four years old. But we'd been using >> it for many years before then and were never happy with it. We just didn't >> have any better option then. > > What do you consider a better option now? ksh-93 with SHOPT_AUDIT feature. We can monitor based on euid, send the command line history rather than keystrokes. Makes it a lot easier to monitor through automation for commands that require further explanation as to why they were done. ---- "The speed of communications is wondrous to behold. It is also true that speed can multiply the distribution of information that we know to be untrue." Edward R Murrow (1964) Mark McCullough [email protected] _______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
