Can the Audit Daemon Determine the Difference Between Two Users Running Commands Simultaneously After Each User has Sudo'd to the Root User?

Solution Unverified - Updated -

Issue

  • Example: User John and User Jane log into a system with their own unique user accounts. They both run sudo su - root. One of them runs malicious commands; the other does not. How do you determine which user ran the malicious commands, given that both were logged in as root at the same time?

Environment

  • Red Hat Enterprise Linux 5
  • Audit Daemon
