RE: User Auditing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Marti, Robert wrote:
> I'm a fan of auditing root keystrokes and shipping them off the box - you
> can see what happens if your server gets compromised or if you have a
> disgruntled employee by setting up alerts on the log correlation box.
> Plus it allows a historical view of an event that bash_history doesn't
> always - especially if the admin doesn't use a shell that has a history.
> Auditing normal users, however, typically isn't worth it.
>
Ok, if you *know* you have a disgruntled employee. However, I worked at a
place about 4 years ago that implemented command logging of *every*
command of *every* user. Slowed the system down, visibly... and IMO,
created a hostile work environment, telling the employees that no,
management *did not* trust them, an attitude guaranteed to turn gruntled
employees into disgruntled ones. <g>

You'll note I don't work there anymore (though that was for more reasons
than just this).
<snip>

         mark

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list


[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux