RE: Basic Security for RedHat

["Alexandre Skyrme" <alexandre.skyrme () ciphersec com br>]

Greetings Kalpin,

        It's not quite clear from your e-mail if you intend to audit the
other admin's actions or if you're assuming they should be trusted and just
need a tool to inform each admin of the other admins activities.

        If some sort of audit trail if what you need then I'd strongly
advise you against giving root privileges to the admins. Use sudo instead.
In case you're not familiar with sudo it allows a regular user to perform
some operations as a super user. The main point is that you can restrict
what commands each admin can execute and even which arguments they can use.

        The point is that once you give root privileges to your admins
you're allowing them to subvert most of the methods suggested by others to
register their activities. They could stop cron jobs, alter custom shell
scripts, tamper with log files, etc. Naturally those solutions would be fine
in case you're 100% trusting your admins, as I described earlier.

        Using sudo you'll get log entries for commands executed, along with
timestamps and user names. Since your users won't have root privileges they
won't be able to interfere with the logging. You could even get syslog to
send messages to another host, where the admins don't have access, in order
to preserve them better.

        As for sending mails once specific commands get executed you could
use a log parsing tool to do so. Tripwire could be used as a second layer of
verification.

Regards,
--
Alexandre Skyrme
Cipher - Segurança da Informação
+55-21-2529-2629
www.ciphersec.com.br
 
Esta mensagem eletrônica pode conter informações privilegiadas e/ou
confidenciais, portanto fica o seu receptor notificado de que qualquer
disseminação, distribuição ou cópia não autorizada é estritamente proibida.
Se você recebeu esta mensagem indevidamente ou por engano, por favor,
informe este fato ao remetente e a apague de seu computador imediatamente.

This e-mail message may contain legally privileged and/or confidential
information, therefore, the recipient is hereby notified that any
unauthorized dissemination, distribution or copying is strictly prohibited.
If you have received this e-mail message inappropriately or accidentally,
please notify the sender and delete it from your computer immediately.



-----Original Message-----
From: Kalpin Erlangga Silaen [mailto:kalpin () solonet co id] 
Sent: terça-feira, 7 de dezembro de 2004 23:33
To: security-basics () lists securityfocus com
Subject: Basic Security for RedHat


Dear all,

I am using RedHat 9.0 and there is 3 admin in my server. I am looking 
for some tools which will send email to me while some admin adduser or 
change user's password. Also I am looking for some tutorials how to 
limits user's resources in RedHat and some security basics.

Any help will be appreciate.

---
Kalpin Erlangga Silaen
mailto: kalpin () solonet co id
URL: http://www.warningnews.com
YM: kalpinus
MSN: kalpinus
IRC: mesra.dal.net nick Kalpin