If you don't trust the root user of your host node, I think you are in trouble.
For me, it's not about trust but logging and completeness. I trust myself and our security, but having a more complete log of when the sysadmin stepped in would help our own auditing processes.
I hope that it will be implemented ASAP by the OpenVZ dev team.
Login messages, such as they are, happen when the login program or sshd or similar makes a log entry. If the program doing the login is not making a log entry, so be it.
Hypothetically, couldn't "vzctl enter" make such a log entry before launching bash? Hmmmmm. Looking at enter.c I see no reason they couldn't insert some logging code right before the "exec bash" -- except that it would be platform-dependent based on the container's OS.
Still, OpenSSH's loginrec.c provides some nice examples of how to log logins and wtmps and the like, with a large degree of platform independence. Hmmmmmmm?
--
HostGIS, Open Source solutions for the global GIS community
Greg Allensworth - SysAdmin, Programmer, GIS Person, Security Network+ Server+ A+ Security+
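The idea raised in the thread, sketched as an added example (not code from vzctl's enter.c, OpenSSH's loginrec.c, or any poster): a wrapper that writes a syslog entry and a wtmp login record immediately before exec'ing the shell. The function names, the "vzctl" line label, the "vzctl-enter" syslog tag and the wtmp path are assumptions, and the code assumes it already runs in the container's context on a Linux libc that provides `updwtmpx`.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include <syslog.h>
#include <unistd.h>
#include <utmpx.h>

/* Fill a USER_PROCESS record for a shell started from the host node.
 * The "vzctl"/"vz" labels are assumptions made for this example. */
int build_enter_record(struct utmpx *ut, const char *user, pid_t pid)
{
    struct timeval tv;

    if (ut == NULL || user == NULL || user[0] == '\0') return -1;
    memset(ut, 0, sizeof(*ut));
    ut->ut_type = USER_PROCESS;
    ut->ut_pid = pid;
    /* utmpx fields are fixed-width and need not be NUL-terminated */
    strncpy(ut->ut_line, "vzctl", sizeof(ut->ut_line));
    strncpy(ut->ut_id, "vz", sizeof(ut->ut_id));
    strncpy(ut->ut_user, user, sizeof(ut->ut_user));
    gettimeofday(&tv, NULL);
    ut->ut_tv.tv_sec = tv.tv_sec;
    ut->ut_tv.tv_usec = tv.tv_usec;
    return 0;
}

/* Log to syslog (authpriv) and append the record to the given wtmp file. */
int log_enter(const char *wtmp_path, const char *user, pid_t pid)
{
    struct utmpx ut;

    if (build_enter_record(&ut, user, pid) != 0) return -1;
    openlog("vzctl-enter", LOG_PID, LOG_AUTHPRIV);
    syslog(LOG_INFO, "container entered from host node as %s", user);
    closelog();
    updwtmpx(wtmp_path, &ut); /* silently does nothing if the file is missing */
    return 0;
}

int main(void)
{
    /* Assumed wtmp location; appending to it requires root. */
    if (log_enter("/var/log/wtmp", "root", getpid()) != 0) return 1;
    execl("/bin/bash", "-bash", (char *)NULL);
    perror("execl");
    return 1;
}
```

Because the record is written by the process that becomes the shell, its `ut_pid` matches the shell's PID, which is what lets `last` pair it with a later logout record if one is written.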
