----- Original Message -----
From: redhat-list-bounces@xxxxxxxxxx <redhat-list-bounces@xxxxxxxxxx>
To: redhat-list@xxxxxxxxxx <redhat-list@xxxxxxxxxx>
Sent: Wed Jun 10 12:00:30 2009
Subject: redhat-list Digest, Vol 64, Issue 10

Send redhat-list mailing list submissions to
	redhat-list@xxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
	https://www.redhat.com/mailman/listinfo/redhat-list
or, via email, send a message with subject or body 'help' to
	redhat-list-request@xxxxxxxxxx

You can reach the person managing the list at
	redhat-list-owner@xxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of redhat-list digest..."

Today's Topics:

   1. Re: users logs (Abdelkader Yousfi)
   2. Re: users logs (mark)
   3. Re: users logs (Abdelkader Yousfi)
   4. Re: users logs (mark)
   5. ftp ssl (Troy Knabe)
   6. RE: ftp ssl (Henrik Schmiediche)
   7. RE: ftp ssl (Florez, Nestor)
   8. RE: users logs (Percy Barboza)
   9. RE: users logs (Marti, Rob)
  10. Re: users logs (mark)
  11. RE: users logs (Marti, Rob)
  12. Re: users logs (mark)
  13. hi (lakhan goud)
  14. stunnel connection retries flooding the firewall (Kenneth Holter)
  15. Re: users logs (Phebe_Mertes@xxxxxxxxxxxxxxxxx)
  16. Re: users logs (George Magklaras)
  17. RE: users logs (Marti, Rob)

----------------------------------------------------------------------

Message: 1
Date: Tue, 9 Jun 2009 19:08:07 +0100
From: Abdelkader Yousfi <yousfia@xxxxxxxxx>
Subject: Re: users logs
To: General Red Hat Linux discussion list <redhat-list@xxxxxxxxxx>
Message-ID: <ca6218bb0906091108u53640752rd1ab7d7522926d7d@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

So you mean there is no way of having each command hit by each user except
getting the bash_history file!!!
Because I want to get my system more secure and see what each user does or
what he is doing in the shell.
Thx!

On Tue, Jun 9, 2009 at 4:40 PM, mark <m.roth2006@xxxxxxx> wrote:

> Abdelkader Yousfi wrote:
> > All,
> >
> > How can we know on RHEL what each user is doing on the system (commands,
> > file accessing...etc)?
> > Thanks!
>
> Are you talking about *every* *single* *command* (assuming we're not talking X
> here, but shell), or just when they issue commands with root privilege?
>
> If the latter, they should be using sudo most of the time, and then everything
> will be logged in /var/log/secure.
>
> If you mean the former, that's inane. They started doing that at a major
> corporation I worked at in '03, allegedly as part of their SOX (Sarbanes-Oxley)
> compliance, and it's a bad joke; it's more "if anyone ever asks, we'll bury
> them under so much info that they'll never find what they're looking for".
>
> Really - what do you actually *need* to know? What are you trying to achieve?
> Logging everything that everyone does, say, by copying their .bash_history file
> every few minutes, or adding a shell wrapper that logs it, the way the company
> I worked for did, for more than a handful of people will *bury* you.
>
> While we're at it, though I hate it, are you using selinux?
>
> mark
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

--
Best Regards,
Abdelkader

------------------------------

Message: 2
Date: Tue, 09 Jun 2009 13:17:21 -0500
From: mark <m.roth2006@xxxxxxx>
Subject: Re: users logs
To: General Red Hat Linux discussion list <redhat-list@xxxxxxxxxx>
Message-ID: <4A2EA731.9010302@xxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

Abdelkader Yousfi wrote:
> So you mean there is no way of having each command hit by each user except
> getting the bash_history file!!!
> Because I want to get my system more secure and see what each user does or
> what he is doing in the shell.
> Thx!

I am now questioning *why* you want to do this.
Is this a requirement from management, and, if so, for what reason? Do you
believe someone inside is grossly violating company policy, or doing corporate
espionage?

	mark

------------------------------

Message: 3
Date: Tue, 9 Jun 2009 19:32:56 +0100
From: Abdelkader Yousfi <yousfia@xxxxxxxxx>
Subject: Re: users logs
To: General Red Hat Linux discussion list <redhat-list@xxxxxxxxxx>
Message-ID: <ca6218bb0906091132v2b025629td30b68894e3ac343@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

I want to get these tips for preventive reasons, for violating or doing
something silly like changing config files...etc.
AY.

--
Best Regards,
Abdelkader

------------------------------

Message: 4
Date: Tue, 09 Jun 2009 13:48:32 -0500
From: mark <m.roth2006@xxxxxxx>
Subject: Re: users logs
To: General Red Hat Linux discussion list <redhat-list@xxxxxxxxxx>
Message-ID: <4A2EAE80.8040506@xxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

Abdelkader Yousfi wrote:
> I want to get this tips for preventive reason for violating or doing
> something silly like changing config files...etc.
> AY.

Right. Ok, as I just said the other day, NO USERS EVER GET THE ROOT PASSWORD.
End of discussion.

*Nix is intended, from the git-go, as a multiuser system (unlike a certain o/s
from Redmond). User accounts are intended to be what users log into; they
should *not* log into root. Some of the stricter companies have pushed no root
login, even from the console, that admins who need to work as root have to
sudo or su to root.
Btw, this obviously is not the case for single user mode....

ONLY ones who have an actual need, that *your* manager approves, get sudo
privilege, and you can limit what commands they use, such as "user backup is
allowed to sudo rsync". And *then* you've got records in /var/log/secure.

	mark

------------------------------

Message: 5
Date: Tue, 9 Jun 2009 13:26:02 -0700
From: Troy Knabe <knabe@xxxxxxxxxxx>
Subject: ftp ssl
To: Red Hat Linux discussion list <redhat-list@xxxxxxxxxx>
Message-ID: <BB8AB8F7-C63C-4B65-AB41-5AD869C39DC3@xxxxxxxxxxx>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes

I have to connect to a client who only allows ftp ssl (not sftp, and not
scp). I need to script it so that I can download the files nightly. Does
anyone have a good linux application and/or documentation source that
they recommend?

Thanks

--
Troy Knabe
knabe@xxxxxxxxxxx

------------------------------

Message: 6
Date: Tue, 9 Jun 2009 15:27:32 -0500
From: "Henrik Schmiediche" <henrik@xxxxxxxxxxxxx>
Subject: RE: ftp ssl
To: "'General Red Hat Linux discussion list'" <redhat-list@xxxxxxxxxx>
Message-ID: <000601c9e940$b79f02c0$26dd0840$@tamu.edu>
Content-Type: text/plain; charset="US-ASCII"

wget?

 - Henrik

------------------------------

Message: 7
Date: Tue, 9 Jun 2009 13:29:22 -0700
From: "Florez, Nestor" <NFlorez@xxxxxxxxx>
Subject: RE: ftp ssl
To: "General Red Hat Linux discussion list" <redhat-list@xxxxxxxxxx>
Message-ID: <1CF7137E18C1234082F572E8A816DFAE12C331B5@xxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"

How about something like this and set up a cron job :-)

----------
#!/bin/sh
# Connection details (placeholders)
HOST='myhost'
USER='myuser'
PASSWD='mypwd'
FILE='myfile'

# -n disables auto-login; the credentials are sent by the quote commands
# in the here-document below.
ftp -n "$HOST" <<END_SCRIPT
quote USER $USER
quote PASS $PASSWD
get $FILE
quit
END_SCRIPT
exit 0
------------------

------------------------------

Message: 8
Date: Tue, 9 Jun 2009 21:37:12 +0000
From: Percy Barboza <p_barboza@xxxxxxxxxxx>
Subject: RE: users logs
To: General Red Hat Linux discussion list <redhat-list@xxxxxxxxxx>
Message-ID: <BAY101-W10A33DA9D4C4F339A8CFD387440@xxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"

Tripwire??

percy

> Date: Tue, 9 Jun 2009 19:32:56 +0100
> From: yousfia@xxxxxxxxx
> To: redhat-list@xxxxxxxxxx
> Subject: Re: users logs
>
> I want to get this tips for preventive reason for violating or doing
> something silly like changing config files...etc.
> AY.

------------------------------

Message: 9
Date: Tue, 9 Jun 2009 16:42:44 -0500
From: "Marti, Rob" <RJM002@xxxxxxxx>
Subject: RE: users logs
To: General Red Hat Linux discussion list <redhat-list@xxxxxxxxxx>
Message-ID: <8FAC1E47484E43469AA28DBF35C955E4A494948C74@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

If you're using RHEL5 you can enable bash auditing. I don't think the same
solution exists for RHEL4 (yet?).

As far as why, I've been requested to set it up for PCI compliance (since
developers have access to credit card numbers, etc. without going through
sudo) but all my CC handling servers are RHEL4 so... :-/

Rob Marti

------------------------------

Message: 10
Date: Tue, 09 Jun 2009 16:50:51 -0500
From: mark <m.roth2006@xxxxxxx>
Subject: Re: users logs
To: General Red Hat Linux discussion list <redhat-list@xxxxxxxxxx>
Message-ID: <4A2ED93B.1030907@xxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

Marti, Rob wrote:
> If you're using RHEL5 you can enable bash auditing. I don't think the same
> solution exists for RHEL4 (yet?).
>
> As far as why, I've been requested to set it up for PCI compliance (since
> developers have access to credit card numbers, etc. without going through
> sudo) but all my CC handling servers are RHEL4 so... :-/

Oh.

I came off a contract the end of April at a company that's both a root CA, and
does managed security for PCI/CSS, so I have a clue what you're dealing with.

One question: the *developers* have access to numbers, and not test numbers? I
believe that you can request card numbers with info explicitly for development
and testing.
All the rest should be encrypted everywhere where it's not inside a
secure subnet, and they'd prefer then, as well, if I understand it correctly.

	mark

------------------------------

Message: 11
Date: Tue, 9 Jun 2009 16:55:04 -0500
From: "Marti, Rob" <RJM002@xxxxxxxx>
Subject: RE: users logs
To: General Red Hat Linux discussion list <redhat-list@xxxxxxxxxx>
Message-ID: <8FAC1E47484E43469AA28DBF35C955E4A494948C75@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

Yeah, the developers sometimes have to troubleshoot code on production
systems (we try to split dev and prod but are not always successful). We're
working on a better split, but it's not just CC numbers... socials in the
database, etc.

Bash auditing is pretty win.

Rob Marti

------------------------------

Message: 12
Date: Tue, 09 Jun 2009 17:15:18 -0500
From: mark <m.roth2006@xxxxxxx>
Subject: Re: users logs
To: General Red Hat Linux discussion list <redhat-list@xxxxxxxxxx>
Message-ID: <4A2EDEF6.1000205@xxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

Marti, Rob wrote:
> Yeah, the developers sometimes have to troubleshoot code on production
> systems (we try to split dev and prod but are not always successful). We're
> working on a better split, but its not just CC numbers... socials in the
> database, etc.

Oh, boy. If everyone's not already had criminal background & credit checks, I
suspect it's coming sooner rather than later.
>
> Bash auditing is pretty win.
>
As I said, I still think that you'll wind up with so much info that trying to
find anything relevant will be a major task.

	mark

------------------------------

Message: 13
Date: Wed, 10 Jun 2009 16:38:27 +0530
From: lakhan goud <lakchman143@xxxxxxxxx>
Subject: hi
To: redhat-list@xxxxxxxxxx
Message-ID: <92f8c7c20906100408h43d66e84t4776df0917ff71cc@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

Please send me DNS Server configuration. RHEL 5.2 step by step.

Thank you so much

------------------------------

Message: 14
Date: Wed, 10 Jun 2009 14:13:42 +0200
From: Kenneth Holter <kenneho.ndu@xxxxxxxxx>
Subject: stunnel connection retries flooding the firewall
To: redhat-list@xxxxxxxxxx
Message-ID: <c25f25140906100513mfdad0d4x3387a22c52513b14@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

Hi all.

We're using stunnel to transport syslog messages from clients to a central
log host. During a problem with our firewall, in which the clients lost
connection with the log host, I discovered that the syslog clients never
seemed to give up trying to contact the log host. This resulted in an enormous
amount of connection retries. I'm not sure if this is a feature of TLS or TCP,
but if I remember correctly TCP gives up after seven retries.

Now I'm worried about what will happen when I bring down the log host for
maintenance - will the clients flood the firewalls causing general network
problems? I figure I'll need to reduce the retry interval or take some other
measures.

If anyone knows how to go about dealing with this issue I'd greatly appreciate
some hints.

Regards,
Kenneth Holter

------------------------------

Message: 15
Date: Wed, 10 Jun 2009 07:26:37 -0500
From: Phebe_Mertes@xxxxxxxxxxxxxxxxx
Subject: Re: users logs
To: General Red Hat Linux discussion list <redhat-list@xxxxxxxxxx>
Message-ID: <OFD783EFEA.867F6A94-ON862575D1.004438E7-862575D1.00445847@xxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=US-ASCII

http://logcheck.org/ is how I used to ignore message log entries I didn't
want to see, but it was still mind numbing work to review the filtered
logs every morning from all the servers.

Phebe Mertes
210-301-6271

------------------------------

Message: 16
Date: Wed, 10 Jun 2009 15:00:31 +0200
From: George Magklaras <georgios@xxxxxxxxxxxxx>
Subject: Re: users logs
To: General Red Hat Linux discussion list <redhat-list@xxxxxxxxxx>
Message-ID: <4A2FAE6F.9090308@xxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

I have read your request and followed a bit the rather long thread. One
way to tackle this issue, addressing the bad folk within and beyond is
to use an execve logger. You might find my MPhil thesis interesting:

http://folk.uio.no/georgios/papers/magklarasmphilthesis.pdf

Page 202 of the Appendix contains sample code employing an execve
logging wrapper. What this does is to give you all the commands
execv-ed per user ID and dump them via syslogd to a suitable location.

Collecting shell history files is not a good idea because it might omit
important info and a simple text file is easily erasable by someone who
is serious about covering his tracks. A log wrapper is not immune to a
skilled attacker determined to cover his/her tracks but it is more
difficult to circumvent. This should give you commands and arguments.

Be warned however that on a very busy system, this can I/O starve your
machine. In fact, I am re-writing the wrapper calls to address these
issues.

Hope this helps.

--
--
George Magklaras BSc Hons MPhil
RHCE:805008309135525

Senior Computer Systems Engineer/UNIX-Linux Systems Administrator
EMBnet Technical Management Board
The Biotechnology Centre of Oslo,
University of Oslo
http://folk.uio.no/georgios

Tel: +47-22840535
--

------------------------------

Message: 17
Date: Wed, 10 Jun 2009 08:05:55 -0500
From: "Marti, Rob" <RJM002@xxxxxxxx>
Subject: RE: users logs
To: "'General Red Hat Linux discussion list'" <redhat-list@xxxxxxxxxx>
Message-ID: <8FAC1E47484E43469AA28DBF35C955E4A494948C78@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

My problem with many of the attempts at logging the commands a user runs
(and I haven't looked at yours George, so if yours does this then ignore me :)
is they don't take things like vim into account. If you vim a file, you can
launch a shell from within that vim session and not have any of the normal
logging process. The bash auditing that RH set up for RHEL5 logs every
keystroke, in and out of vim, etc.

Now, I'm not saying that I'd peruse these logs daily. They'd only be of any
use after the fact on any system that gets any real use. And, to make sure
that none of the data is corrupted remote logging is required.

Rob Marti

------------------------------

End of redhat-list Digest, Vol 64, Issue 10
*******************************************
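
Added example, not part of any message in this digest: mark's advice in Message 4 (restricted sudo, with records in /var/log/secure) and Rob Marti's point in Message 17 (a shell started from vim escapes command logging) turned into an exception report, so that only the entries worth reading are left. The log lines are constructed samples in the format sudo writes to syslog; POLICY and SHELL_CAPABLE are hypothetical names and values.

```python
import re

# Constructed sample of /var/log/secure (hosts, users and commands are made up).
SAMPLE_SECURE_LOG = """\
Jun  9 02:00:01 db01 sudo:   backup : TTY=unknown ; PWD=/home/backup ; USER=root ; COMMAND=/usr/bin/rsync -a /etc /srv/backup/etc
Jun  9 09:14:22 db01 sshd[2211]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Jun  9 09:15:03 db01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/sbin/service httpd restart
Jun  9 09:20:47 db01 sudo:    alice : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/vim /etc/httpd/conf/httpd.conf
Jun  9 10:02:10 db01 sudo:   backup : command not allowed ; TTY=pts/2 ; PWD=/home/backup ; USER=root ; COMMAND=/bin/bash
Jun  9 10:30:55 db01 sudo:      bob : user NOT in sudoers ; TTY=pts/3 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow
Jun  9 11:05:12 db01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/yum -y update
"""

# Hypothetical policy: what each account is expected to run through sudo,
# in the spirit of "user backup is allowed to sudo rsync".
POLICY = {
    "backup": {"/usr/bin/rsync"},
    "alice": {"/sbin/service"},
}

# Hypothetical list of programs that can start a shell from inside the
# session. sudo logs only the launch, not what is typed afterwards.
SHELL_CAPABLE = {"sh", "bash", "vi", "vim", "less", "more"}

SUDO_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssudo(?:\[\d+\])?:"
    r"\s+(?P<user>\S+)\s:\s(?P<rest>.*)$"
)
FIELD_NAMES = {"TTY": "tty", "PWD": "pwd", "USER": "runas"}


def parse_sudo_line(line):
    """Return a dict for a sudo syslog line, or None for any other line."""
    m = SUDO_LINE.match(line)
    if not m:
        return None
    # COMMAND= is always the last field and may itself contain " ; ".
    head, _, command = m.group("rest").partition("COMMAND=")
    event = {
        "ts": m.group("ts"),
        "host": m.group("host"),
        "user": m.group("user"),   # account that invoked sudo
        "status": None,            # set when sudo refused the request
        "command": command.strip(),
    }
    for part in head.split(" ; "):
        part = part.strip(" ;")
        if not part:
            continue
        if "=" in part:
            key, value = part.split("=", 1)
            event[FIELD_NAMES.get(key, key.lower())] = value
        else:
            event["status"] = part  # e.g. "command not allowed"
    return event


def review(log_text, policy=POLICY):
    """Return (timestamp, user, kind, command) for entries needing a look."""
    findings = []
    for line in log_text.splitlines():
        event = parse_sudo_line(line)
        if event is None:
            continue
        binary = event["command"].split(" ", 1)[0]
        if event["status"]:
            kind = "denied: " + event["status"]
        elif binary.rsplit("/", 1)[-1] in SHELL_CAPABLE:
            kind = "shell-capable"
        elif binary not in policy.get(event["user"], set()):
            kind = "off-policy"
        else:
            continue  # expected command for this account
        findings.append((event["ts"], event["user"], kind, event["command"]))
    return findings


if __name__ == "__main__":
    for ts, user, kind, command in review(SAMPLE_SECURE_LOG):
        print(f"{ts}  {user:<8} {kind:<32} {command}")
```

The "shell-capable" entries mark exactly the gap Rob Marti describes: everything done inside that editor or shell session is invisible to sudo's log and needs a different control.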