Description of problem: NISPOM, DCID 6/3, and PCI security standards all call out for the ability to monitor the actions of the root user. I'm working on a patch in coordination with upstream that provides this capability. The first attempt was to create something like rsh but it was found to be too easy to defeat. What I would like to do at this point is create a second bash that has auditing turned on. You could install either bash with or without auditing. The default would be without.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Since this bugzilla is in a component that is not approved for the current release, it has been closed with resolution deferred. You may reopen this bugzilla for consideration in the next release.
Created attachment 157071 [details] Create advisory TTY audit events
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Created attachment 278921 [details] The patch submitted upstream
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-0116.html