Hi
We are running opensuse at a number of servers and have ksh as preferred shell (other shells are removed from the system)
One of the requirements we face before an audit is to have every command executed on the commandline to be logged (especially for the admin users).
We have sudo implemented in a number of roles, so users can only run commands that they are allowed to by sudo, but we don’t have a sudo implementation per command… apart from the long list of commands we would have to implement in sudo, we would still need auditing for the root user.
I know ksh93 has auditing capabilities, but by default these capabilities are off by default and would require a recompilation of ksh. I tried that on a CentOS machine (with of course the CentOS srpm ), but although i altered the makefile to put auditing on, it wasn’t auditing afterwards.
Does anyone know where to get the correct RPM’s foor auditing KSH?
grtz
hans