Can the Audit Daemon Determine the Difference Between Two Users Running Commands Simultaneously After Each User has Sudo'd to the Root User?

Solution Unverified - Updated -

Issue

  • Example: User John and User Jane log into a system with their unique user accounts. They both run sudo su - root. One of them runs malicious commands; the other does not. How do you determine which user ran the malicious commands, since they were both logged in as root at the same time?

Environment

  • Red Hat Enterprise Linux 5
  • Audit Daemon
