SUMMARY: root audit

From: Rasmussen, Thorfinn T <Thorfinn.Rasmussen_at_standardbank.com>
Date: Wed Sep 04 2002 - 08:06:37 EDT
Hi,


Thanks to:
Kim, Daniel J
Glass, David
sunsrv@blr.cmc.net.in
Robert Brockway
Tim Evans
mike salehi
Santos, Ramiro
Doug Winter
Mortensen, Henrik
Johan Hartzenberg
Kim, Daniel J
ed rolison
JULIAN, JOHN C
Tim Thomas
john65@pobox.com
Jeff Lucas
Eric Shafto
adam zimmerman


Summary:
A lot of people pointed out that root could almost always work his/her way
around any auditing measures set up, and that the company should hire root
users they trust. I personally agree with this, but at the same time I can
see why you would want to audit the root account - especially in a company
where root could potentially send large financial payments to external
accounts.

The response seemed to be divided into 3 answers:

1. Use sudo or a similar package. While this is a good idea, it would be a
pain to maintain and administer. Every time you'd need to run something as
root, you'd basically have to set up the whole environment etc. in the same
sudo command.
2. Set up a syslog server which root doesn't have access to and let your
system log everything to this server.
3. Use PowerBroker from Symark Software. While this seems like a good tool,
for our purpose it would cost about fifty thousand USD which seems a bit
much for auditing one account.


Original question:
Does anyone know any good tools for auditing root activity? Our PHBs would
like some sort of auditing so they can see what we get up to. Are there any
ready-made tools out there?

One solution would be to use the 'script' command in root's profile (that's
basically the functionality we're trying to achieve), but that obviously
would only work if you did an 'su -' as opposed to an 'su'.

Process accounting doesn't really do the trick. Partly it's too much
overhead, partly we'll not see all arguments and switches that are passed to
a command.

We would prefer a cross-platform solution as we need to monitor HP-UX
servers as well.


Cheers,
Thorfinn


Received on Wed Sep 4 08:12:02 2002
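
Answers 1 and 2 combined, as an added example that is not part of the original post or of any respondent's reply: a Python parser for sudo's syslog records as they would arrive on the central log host. It keeps the full command line with its arguments and flags invocations that start an interactive root shell, after which sudo by default records nothing further. The host name, user names and log lines are constructed sample data.

```python
import posixpath
import re

# Syslog prefix, then sudo's own record: "<user> : [reason ;] TTY=.. ; PWD=.. ; USER=.. ; COMMAND=.."
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssudo(?:\[\d+\])?:\s+"
    r"(?P<who>\S+)\s:\s(?P<rest>.*)$"
)
FIELDS = {"TTY": "tty", "PWD": "pwd", "USER": "runas"}
# Programs that hand over an interactive root shell (assumed list; extend per site).
SHELLS = {"sh", "ksh", "csh", "bash", "su"}

def parse_sudo_line(line):
    """Return a dict for one sudo syslog record, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    head, sep, command = m.group("rest").partition("COMMAND=")
    if not sep:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"), "who": m.group("who"),
           "command": command, "denied": None}
    for part in (p.strip() for p in head.split(" ; ")):
        key, eq, value = part.partition("=")
        if eq and key in FIELDS:
            rec[FIELDS[key]] = value
        elif part:
            rec["denied"] = part  # e.g. "command not allowed"
    argv = command.split()
    rec["shell"] = bool(argv) and posixpath.basename(argv[0]) in SHELLS
    return rec

def audit(lines):
    """Split records into allowed commands, refusals, and root shells (audit trail ends)."""
    recs = [r for r in map(parse_sudo_line, lines) if r]
    ok = [r for r in recs if not r["denied"]]
    return {
        "commands": [(r["who"], r["command"]) for r in ok],
        "denied": [(r["who"], r["denied"], r["command"]) for r in recs if r["denied"]],
        "shells": [(r["who"], r["command"]) for r in ok if r["shell"]],
    }

# Constructed sample input, as it might be received on the central syslog server.
SAMPLE = """\
Sep  4 08:01:12 pay01 sudo:  alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/vi /etc/inet/hosts
Sep  4 08:03:40 pay01 sudo:  bob : TTY=pts/2 ; PWD=/export/home/bob ; USER=root ; COMMAND=/usr/bin/su -
Sep  4 08:05:02 pay01 sudo:  carol : command not allowed ; TTY=pts/3 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/ksh
Sep  4 08:06:37 pay01 sshd[412]: Accepted password for alice from 192.0.2.10 port 1022 ssh2
""".splitlines()

if __name__ == "__main__":
    for kind, rows in audit(SAMPLE).items():
        print(kind, rows)
```

The `shells` list is the part an auditor should review first: everything typed inside those sessions is invisible to sudo, so they need a second control such as the `script` wrapper from the original question.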
