Re: Recording user commands (from RE: Linux-audit Digest, Vol 31, Issue 12)
On Fri, 27 Apr 2007 16:28:17 EDT, Paul Moore said:
I believe that would miss all of the shell built-in commands though,
wouldn't
it? Not sure if we would care, but you can do some interesting things with
the built-ins ... (although maybe you could capture that through additional
audit watches/syscalls/etc.)
# perl -e 'while (<>) {eval $_;}'
Doing proper auditing of what a user is doing is harder than it looks.
Have a nice day. :)
Attachments:
- attachment.sig (application/pgp-signature — 226 bytes)