Am Mit, 2003-05-14 um 16.33 schrieb Michael Parkinson: > Dear All, > > Currently implementing a number of modifications to our internal security > policies and one addition I am attempting to add is the full logging of user > activity.
Are you sure that this is not violating your users' privacy? But apart from political and legal issues - I suggest using the grsecurity kernel patch (www.grsecurity.org). You can put all users that you don't trust into a special audit group. Of course, you still have to come up with a solution for secure remote logging (syslog is not an option - some of your users could for example get the idea of sending fake logs of other users doing nasty things to the remote logging server...). Sebastian
