Re: Reliable shell logs
From: admin (admin@crimelords.org)
Date: 02/05/02
- Next message: Matt H: "Re: Port 113 Traffic"
- Previous message: Geir Råness: "Re: Reliable shell logs"
- In reply to: Roger 'Rocky' Vetterberg: "Re: Reliable shell logs"
- Next in thread: Ceri Storey: "Re: Reliable shell logs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 5 Feb 2002 08:47:15 -0600 (CST) From: admin <admin@crimelords.org> To: "Roger 'Rocky' Vetterberg" <listsub@rambo.simx.org>
bofh bash and tcsh are at
- emacs
On Mon, 4 Feb 2002, Roger 'Rocky' Vetterberg wrote:
> Geir Råness wrote:
>
> > You always could set your users to the shell bash, that is patched with the
> > "bofh" logging.
> > That's one way you could secure log your users, but it could be found.
> > It all depends on the intruder.
>
>
> Do you know where I could find this patch?
> I tried google.com/bsd and found a bounch of sh patches, but
> none for bash.
> And what stops the user from changing his shell? 'chsh'
> would let him change shell to csh, tcsh or whatever is
> available on the system, right? How can I prevent this?
>
> > This you can do something about however, you can have an locale log server,
> > that the "shell" server sends the log to,
> > with upload access only.
> > So the intruder cant delete the logs, you probaly shuld make this server an
> > local login only.
> >
> > Geir Råness
> > PulZ @ efnet
>
>
> --
> R
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Matt H: "Re: Port 113 Traffic"
- Previous message: Geir Råness: "Re: Reliable shell logs"
- In reply to: Roger 'Rocky' Vetterberg: "Re: Reliable shell logs"
- Next in thread: Ceri Storey: "Re: Reliable shell logs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
