Re: PCI-DSS: Log every root actions/keystrokes but avoid passwords
On Wed, Mar 13, 2013 at 07:55:29AM PDT, Richard Guy Briggs spake thusly:
I haven't seen a lot of requests for this feature yet, but it
sounds
like there could be a lot of interest, so it may be worth doing
correctly, rather than as a quick fix.
As people become more security-aware and implement PCI/HIPAA/FISMA and other
regulatory regimes (which are why I'm here) they will be asking for more
auditing capability, especially in the area of console/tty logging where Linux
has historically been weak. Writing out passwords to logfiles is simply not an
option. We are currently looking at Xceedium for auditing/logging our bastion
hosts but would really prefer to avoid that route if auditd or some other Linux
component could handle that for us.
--
Tracy Reed
Attachments:
- attachment.sig (application/pgp-signature — 189 bytes)