[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Auditing root shells

Subject: [ale] Auditing root shells
From: jb at sourceillustrated.com (John Wells)
Date: Mon, 19 Sep 2005 09:48:27 -0400 (EDT)
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]>

James P. Kinney III said:
> RedHat recommends to make root shell /bin/nologin and use sudo. Runlevel
> 1 becomes impossible with out a boot disk, though.

Yeah...that's my rule currently, but getting a lot of complaints from
admins complaining that "it's too hard/cumbersome" to do.  Doesn't carry a
lot of weight here, but if there's a more implicit solution out there I'm
open to options.

Because of the power of root to remove said logs, it'd be even nicer to
have logging go across the wire to secure, centralized box...

Thanks,
John

Follow-Ups:
- [ale] Auditing root shells
  - From: cfowler at outpostsentinel.com (Christopher Fowler)

References:
- [ale] Auditing root shells
  - From: jb at sourceillustrated.com (John Wells)
- [ale] Auditing root shells
  - From: jkinney at localnetsolutions.com (James P. Kinney III)

Prev by Date: [ale] Auditing root shells
Next by Date: [ale] Auditing root shells
Previous by thread: [ale] Auditing root shells
Next by thread: [ale] Auditing root shells
Index(es):
- Date
- Thread