PUM
NetIQ (formerly: Novell) Privileged User Manager (PUM)
Product details and history
"Powerful auditing tools capture system transactions and user activity to the keystroke level, and automated rules can randomly select activity records for auditors on any given schedule. Multiple levels of encryption protect sensitive data from unauthorized personnel and comprehensive auditor review utilities build permanent records for legislative compliance. The underlying data is optimized for easy investigation and the system architecture is designed for maximum protection against electronic or physical tampering."
A logged shell with a local agent and a remote server. The server provides a live playback of the audit period, among others - this can be either a Unix shell or even a Windows RDP session.
http://www.novell.com/connectionmagazine/2010/11/secure_superusers.html
NetIQ Privileged User Manager
https://www.netiq.com/products/privileged-user-manager/
NetIQ Privileged User Manager 2.3.1 Release Notes
https://www.netiq.com/documentation/privilegedusermanager23/readme/data/privilegedusermanager_readme.html
Novell Privileged User Manager
http://www.novell.com/promo/home/pum.html - 'Visit our Product Page' redirects to NetIQ
Fortefi Compliance Auditor: Overview (down since a few years)
http://www.fortefi.com/products/compliance/index.shtml
2006 - Attachmate acquires NetIQ
2006 - ? Fortefi announces Command Control
2007 - Fortefi announces Compliance Auditor
2009 - Novell acquires Fortefi
2010 - Attachmate acquires Novell http://en.wikipedia.org/wiki/Novell#Acquisition_by_Attachmate
2011 - Attachmate transfers some of the Novell portfolio to NetIQ http://www.actionidentity.com/netiq
Formerly known as Fortefi Command Control and Compliance Auditor (presented in the HP and RedHat software catalog)
From 2.3.1, product transferred to NetIQ and marketed as NetIQ Privileged User Manager by Novell/NetIQ owner Attachmate
Platforms:
AIX, HP-UX, Solaris, Tru64, Linux, Windows
AIX
Fileset: novellnpum (agent)
SRC: service 'npum'
Processes: unifid (2 instances)
Ports: TCP 29120 (required), UDP 29120 http://www.novell.com/support/kb/doc.php?id=7007094
Config file: /opt/novell/npum/config/unifi.xml
Log (agent): /opt/novell/npum/logs/unifid.log
Some obscure binaries: unifi, unifid, unpak, usvc
Under /opt/novell/npum/service/local/bin, a bunch of 'rexec' commands: ccsum, pcksh, rutcsh, ssh (OpenSSH 5.5p1 in novellnpum 2.3.0.0), sush, udsh, uscp, usrun, usvi
Other products
Balabit Shell-in-a-box