|
|
|
|
|
|
by aaronharnly
3671 days ago
|
|
|
We use rootsh[1] logging to syslog, which gets forwarded to a logging server, which in turn is periodically copied to a wholly separate AWS account, so that in case of breach of the main account the audit logs are intact. [1] http://linux.die.net/man/1/rootsh |
|
|