Re: Reliable shell logs

From: admin (admin@crimelords.org)
Date: 02/05/02

• Next message: James F. Hranicky: "Questions (Rants?) About IPSEC"
• Previous message: Crist J. Clark: "Re: how to detect a illegal connect on local network ?"
• Maybe in reply to: Petko Popadiyski: "Reliable shell logs"
• Next in thread: Geir Råness: "Re: Reliable shell logs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 5 Feb 2002 08:47:15 -0600 (CST)
From: admin <admin@crimelords.org>
To: "Roger 'Rocky' Vetterberg" <listsub@rambo.simx.org>

bofh bash and tcsh are at

http://www.ccitt5.net/new/

- emacs

On Mon, 4 Feb 2002, Roger 'Rocky' Vetterberg wrote:

> Geir R=E5ness wrote:
>
> > You always could set your users to the shell bash, that is patched with=
 the
> > "bofh" logging.
> > That's one way you could secure log your users, but it could be found.
> > It all depends on the intruder.
>
>
> Do you know where I could find this patch?
> I tried google.com/bsd and found a bounch of sh patches, but
> none for bash.
> And what stops the user from changing his shell? 'chsh'
> would let him change shell to csh, tcsh or whatever is
> available on the system, right? How can I prevent this?
>
> > This you can do something about however, you can have an locale log se=
rver,
> > that the "shell" server sends the log to,
> > with upload access only.
> > So the intruder cant delete the logs, you probaly shuld make this serve=
r an
> > local login only.
> >
> > Geir R=E5ness
> > PulZ @ efnet
>
>
> --
> R
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

---

• Next message: James F. Hranicky: "Questions (Rants?) About IPSEC"
• Previous message: Crist J. Clark: "Re: how to detect a illegal connect on local network ?"
• Maybe in reply to: Petko Popadiyski: "Reliable shell logs"
• Next in thread: Geir Råness: "Re: Reliable shell logs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: [SLE] Redirection puzzle ... What shell do you use for interactive shell sessions? ... "--norc" option in the script? ... I tried the tcsh counterpart: ... bash> tcsh ... (SuSE) Re: bash & tcsh ... I use bash as the standard shell for all accounts on hp-ux, ... don't use tcsh. ... permissions to match the other system shells. ... (comp.sys.hp.hpux) Re: strange tcsh. vs. bash behavior of scp ... >> conventions between bash and tcsh. ... csh-type shell such as tcsh, ... >perl scripts from inside Makefiles. ... (comp.security.ssh) Re: Apparently, csh programming is considered harmful. ... tcsh as well. ... Standard shell for what? ... I used bash for an interactive shell for about 5 years until I ... I'm tempted to try doing the same on FreeBSD (replace sh with pdksh) ... (freebsd-questions) Re: Reliable shell logs ... >> You always could set your users to the shell bash, ... > I tried google.com/bsd and found a bounch of sh patches, ... > would let him change shell to csh, tcsh or whatever is ... (FreeBSD-Security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2002-02