Re: [CentOS] OT: Q: Howto implement a monitored Shell for remote logins

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



try out Zorp. See www.balabit.com for more info. They have SSH proxy and
it works great. You can audit the channel and enable/disable subchannels
(X Forwarding etc.) Right now they released a Shell Control Box product
(web based administration etc.) It's commercial product but works great.

bye,
Ago

Will McDonald írta:
> On 14/11/06, Sanjay Arora <sanjay.k.arora@xxxxxxxxx> wrote:
>> I sometimes need to allow sub-contracted admins root ssh access to my
>> servers. Later, I always wonder what they did during access.
>>
>> Is there any shell that provides all shell abilities to the remote user
>> but monitors/emails a designated user each command executed in the shell
>> terminal and does not allow the user (even root) to modify the bash
>> history file or
>> similar shell history file, or maybe sending each command by email to a
>> remote server, so that modifying history becomes out of question?
>
> If you only allow them to...
>
> $ sudo su -
> #
>
> ... doesn't sudo then keep track of their actions? There are other
> alternatives, sudosh for one.
>
> http://sourceforge.net/projects/sudosh/
>
> I'm pretty certain there are others too, from memory of the last time
> I looked into shell auditing.
>
> Will.
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos


-- 
"Én már csak azt várom, aki emberként szeret,
Nincs több álom, nincs több kifosztott képzelet"

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux