Hi All,
I am trying to figure out a way to properly audit generic application
accounts to tie them to the named user as it has become an audit issue
that I need to implement. To date, a named user will sudo into the
generic user account. if a shell is launched, sudo will log that event,
but nothing beyond that.
Since multiple users may login as the generic applicaiton user account
at once it then becomes difficult to trace back command histories to a
single user.
Outside of making users use sudo on a command by command basis (which
would be a royal pain) I am not sure how to approach the problem.
Anyone have any thoughts on how I might accomplish this without causing
a complete revolt?
I am trying to figure out a way to properly audit generic application
accounts to tie them to the named user as it has become an audit issue
that I need to implement. To date, a named user will sudo into the
generic user account. if a shell is launched, sudo will log that event,
but nothing beyond that.
Since multiple users may login as the generic applicaiton user account
at once it then becomes difficult to trace back command histories to a
single user.
Outside of making users use sudo on a command by command basis (which
would be a royal pain) I am not sure how to approach the problem.
Anyone have any thoughts on how I might accomplish this without causing
a complete revolt?
