noinsight | 1 year ago

> Unix was very much made for multi user environments. ... The biggest security concern was making sure that everyone who was logged in was billed correctly.

I don't know about that... It doesn't even support multiple administrators. And you can't even distinguish between actions performed by the system itself and the administrative user.

Yes I know about sudo.

What do you need to do and what do the (even audit) logs say about who performed an activity whenever administrative activity happens?

timewizard|1 year ago

> It doesn't even support multiple administrators.

You can easily create multiple accounts that have the uid 0. Groups are a fundamental part of the discretionary access system and several administrative groups exist by default. Your modern desktop oriented distribution may not take advantage of these facts.

> logs say about who performed an activity whenever administrative activity happens?

Simply enable process accounting and set up a program to capture that information. The early BSD distributions had this and had many command line tools to query the information it stored.

randomname93857|1 year ago

> What do you need to do and what do the (even audit) logs say about who performed an activity whenever administrative activity happens?

By activity you mean who ran some process? Doesn't enabling audit on all execve, execveat and looking at AUID besides EUID and UID fields tell you that? Or am I missing something? You may want to configure ENHANCED format in auditd for convenience.

noinsight|1 year ago

No, you are right. On Linux you can look at AUID. To be fair, I have no idea about others than Linux.
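
The AUID approach discussed in this thread, as an added example that is not from any of the commenters: it reads Linux audit SYSCALL records for exec calls and attributes each root-privileged execution to the login uid that started the session, or to the system when no login uid is set. The audit rule in the comment, the function names and the sample log lines are assumptions constructed for illustration.

```python
import shlex

# Assumed rule feeding this log (as the thread suggests, audit every exec):
#   auditctl -a always,exit -F arch=b64 -S execve -S execveat -k exec
EXEC_SYSCALLS = {"59", "322"}   # execve, execveat on x86_64
AUID_UNSET = 4294967295         # (uint32)-1: process has no login session

# Constructed sample records, raw audit.log format, fields trimmed for width.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1736500000.101:101): arch=c000003e syscall=59 success=yes exit=0 pid=1201 auid=1000 uid=0 euid=0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" key="exec"
type=SYSCALL msg=audit(1736500005.202:102): arch=c000003e syscall=59 success=yes exit=0 pid=1310 auid=1001 uid=0 euid=0 ses=4 comm="useradd" exe="/usr/sbin/useradd" key="exec"
type=SYSCALL msg=audit(1736500010.303:103): arch=c000003e syscall=59 success=yes exit=0 pid=1422 auid=4294967295 uid=0 euid=0 ses=4294967295 comm="logrotate" exe="/usr/sbin/logrotate" key="exec"
type=SYSCALL msg=audit(1736500015.404:104): arch=c000003e syscall=59 success=yes exit=0 pid=1507 auid=1000 uid=1000 euid=1000 ses=3 comm="ls" exe="/usr/bin/ls" key="exec"
"""


def parse_record(line):
    """Split one audit record into a dict of its key=value fields."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)


def root_execs(log_text):
    """Return (auid or None, exe) for each successful exec that ran with euid 0.

    auid is the login uid, which survives su/sudo; None means the process
    never belonged to a login session, i.e. the system itself acted.
    """
    results = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("type") != "SYSCALL" or rec.get("syscall") not in EXEC_SYSCALLS:
            continue
        if rec.get("success") != "yes" or rec.get("euid") != "0":
            continue
        auid = int(rec["auid"])
        results.append((None if auid == AUID_UNSET else auid, rec["exe"]))
    return results


if __name__ == "__main__":
    for auid, exe in root_execs(SAMPLE_LOG):
        actor = "system (no login session)" if auid is None else f"login uid {auid}"
        print(f"{exe} ran as root, attributed to {actor}")
```

All three root executions show `uid=0 euid=0`, so only the `auid` field separates the two administrators from each other and from the daemon-initiated run.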