Re: SSH session audit

To: john doe <johndoe65534@mail.com>
Cc: debian-user@lists.debian.org
Subject: Re: SSH session audit
From: me@risca.eu
Date: Mon, 19 Feb 2018 17:21:13 +0100
Message-id: <[🔎] b244ec1de6d01c4ee67502834c56c863@risca.eu>
In-reply-to: <[🔎] b9a045e4-9d2e-5592-9988-fc18b789fa9b@mail.com>
References: <[🔎] bcd96c3b11be9e049b9cd950477839cd@risca.eu> <[🔎] b9a045e4-9d2e-5592-9988-fc18b789fa9b@mail.com>

On 2018-02-19 16:52, john doe wrote:

Isn't pam enough?:
https://linux.die.net/man/8/pam

No need to install anything and it's quite versatile.

Yes, this is in line with the other suggested options such as snoopy orpam_tty_audit. It could work as audit system, but it seems to me as asolution for more structured and corporate environment.In the described case I would like a solution that store record thesession in a safe way, immutable and trustable, therefore encrypting all(only the owners have to be able to read it) and hosted on a read onlyresource (the user who logins should not be able to delete it) andprovable (signed).I think that with pam there is the risk that a user with full accessright could easily delete all the logs. Or that the log could be alteredafter.

Reply to:

Follow-Ups:
- Re: SSH session audit
  - From: Roberto C. Sánchez <roberto@debian.org>
- Re: SSH session audit
  - From: Eero Volotinen <eero.volotinen@iki.fi>

References:
- SSH session audit
  - From: me@risca.eu
- Re: SSH session audit
  - From: john doe <johndoe65534@mail.com>

Prev by Date: Re: domain names, was: hostname
Next by Date: Re: hostname
Previous by thread: Re: SSH session audit
Next by thread: Re: SSH session audit
Index(es):
- Date
- Thread