Re: Logging User Activity

To: Michael Parkinson <michael@intellnet.net.uk>
Cc: debian-security@lists.debian.org
Subject: Re: Logging User Activity
From: Sebastian <sebastian@expires1203.datenknoten.de>
Date: 14 May 2003 17:48:31 +0200
Message-id: <1052927311.10340.280.camel@antares.et6.tu-harburg.de>
In-reply-to: <NFBBJNPPELIGKCEHDCIHKEBLOMAA.michael@intellnet.net.uk>
References: <NFBBJNPPELIGKCEHDCIHKEBLOMAA.michael@intellnet.net.uk>

Am Mit, 2003-05-14 um 16.33 schrieb Michael Parkinson:
> Dear All,
> 
> Currently implementing a number of modifications to our internal security
> policies and one addition I am attempting to add is the full logging of user
> activity.

Are you sure that this is not violating your users' privacy?

But apart from political and legal issues - I suggest using the
grsecurity kernel patch (www.grsecurity.org). You can put all users that
you don't trust into a special audit group. Of course, you still have to
come up with a solution for secure remote logging (syslog is not an
option - some of your users could for example get the idea of sending
fake logs of other users doing nasty things to the remote logging
server...).

Sebastian

Reply to:

References:
- Logging User Activity
  - From: "Michael Parkinson" <michael@intellnet.net.uk>

Prev by Date: Re: Logging User Activity
Next by Date: Re: Logging User Activity
Previous by thread: Re: Logging User Activity
Next by thread: Re: Logging User Activity
Index(es):
- Date
- Thread