Red Hat Bugzilla – Bug 235021
Changes to bash for auditing
Last modified: 2014-01-12 19:06:40 EST
Description of problem:
NISPOM, DCID 6/3, and PCI security standards all call out for the ability to
monitor the actions of the root user. I'm working on a patch in coordination
with upstream that provides this capability.
The first attempt was to create something like rsh but it was found to be too
easy to defeat. What I would like to do at this point is create a second bash
that has auditing turned on. You could install either bash with or without
auditing. The default would be without.
This request was evaluated by Red Hat Product Management for
inclusion in a Red Hat Enterprise Linux release. Since this
bugzilla is in a component that is not approved for the current
release, it has been closed with resolution deferred. You may
reopen this bugzilla for consideration in the next release.
Created attachment 157071 [details]
Create advisory TTY audit events
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
Created attachment 278921 [details]
The patch submitted upstream
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.