Re: Logging user activities

From: Pawel Jakub Dawidek (nick_at_garage.freebsd.pl)
Date: 01/09/04

    Date: Fri, 9 Jan 2004 15:06:57 +0100
    To: Richard Bejtlich <richard_bejtlich@yahoo.com>
    
    
    

    On Tue, Jan 06, 2004 at 01:04:30PM -0800, Richard Bejtlich wrote:
    +> They include using 'chflags sappnd .bash_history',
    +> enabling process accounting, and the like.
    +>
    +> My goal is to "watch the watchers," i.e. watch for
    +> abuse of power by SOC people with the ability to view
    +> traffic captured by sniffers.

    Just forget about those methods.
    The only right way for such things is to monitor the execve(2) syscall
    at the kernel level.

    Look at:

            http://garage.freebsd.pl/lrexec.README
            http://garage.freebsd.pl/lrexec.tbz

    -- 
    Pawel Jakub Dawidek                       pawel@dawidek.net
    UNIX Systems Programmer/Administrator     http://garage.freebsd.pl
    Am I Evil? Yes, I Am!                     http://cerber.sourceforge.net
    
    


