[Users] Re: Logging of logins via "vzctl enter"
Gregor at HostGIS
gregor at hostgis.com
Wed May 13 15:22:31 EDT 2009
> If you don't trust the root user of your host node, I think you are in trouble.

For me, it's not about trust but logging and completeness. I trust
myself and our security, but having a more complete log of when the
sysadmin stepped in would help our own auditing processes.

>> I hope that it will be implemented ASAP by openvz dev team.

Login messages, such as they are, happen when the login program or sshd
or similar makes a log entry. If the program doing the login is not
making a log entry, so be it.

Hypothetically, couldn't "vzctl enter" make such a log entry before
launching bash? Hmmmmm. Looking at enter.c I see no reason they
couldn't insert some logging code right before the "exec bash" -- except
that it would be platform-dependent based on the container's OS.

Still, OpenSSH's loginrec.c provides some nice examples of how to log
logins and wtmps and the like, with a large degree of platform
independence. Hmmmmmmm?

--
HostGIS, Open Source solutions for the global GIS community
Greg Allensworth - SysAdmin, Programmer, GIS Person, Security
Network+ Server+ A+ Security+
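
The idea raised in the message above, writing a login record just before the shell is exec'd, sketched as an added example; it is not code from vzctl's enter.c or OpenSSH's loginrec.c. It assumes a Linux container whose wtmp uses the `struct utmpx` layout, and the function names and the "vzctl" / "host-node" labels are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include <unistd.h>
#include <utmpx.h>

/* Fill a USER_PROCESS record for a shell started from the host node.
 * user/line/origin are labels chosen by the caller (hypothetical values). */
static void build_enter_record(struct utmpx *rec, const char *user,
                               const char *line, const char *origin, pid_t pid)
{
    struct timeval now;

    memset(rec, 0, sizeof(*rec));
    rec->ut_type = USER_PROCESS;
    rec->ut_pid = pid;
    /* utmp fields are fixed width and may legally lack a trailing NUL. */
    strncpy(rec->ut_user, user, sizeof(rec->ut_user));
    strncpy(rec->ut_line, line, sizeof(rec->ut_line));
    strncpy(rec->ut_host, origin, sizeof(rec->ut_host));
    gettimeofday(&now, NULL);
    rec->ut_tv.tv_sec = now.tv_sec;
    rec->ut_tv.tv_usec = now.tv_usec;
}

/* Append one record to a wtmp-format file. Like the system tools, do not
 * create the file: a missing wtmp means this logging is switched off. */
static int append_wtmp(const char *path, const struct utmpx *rec)
{
    int fd = open(path, O_WRONLY | O_APPEND);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, rec, sizeof(*rec));
    close(fd);
    return n == (ssize_t)sizeof(*rec) ? 0 : -1;
}

int main(int argc, char **argv)
{
    struct utmpx rec;
    const char *path = argc > 1 ? argv[1] : "/var/log/wtmp";

    build_enter_record(&rec, "root", "vzctl", "host-node", getpid());
    if (append_wtmp(path, &rec) != 0)
        perror("wtmp");   /* report, but still hand over the shell */
    execl("/bin/bash", "-bash", (char *)NULL);
    perror("execl");
    return 1;
}
```

Because the record is written by the process that then becomes the shell, the logged PID matches the session; a matching DEAD_PROCESS record at exit would have to come from whatever waits on that shell.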