Re: Logging user activities

From: Pawel Jakub Dawidek
Date: 01/09/04

  • Next message: "Problem with DNS (UDP) queries"
    Date: Fri, 9 Jan 2004 15:06:57 +0100
    To: Richard Bejtlich

    On Tue, Jan 06, 2004 at 01:04:30PM -0800, Richard Bejtlich wrote:
    +> They include using 'chflags sappnd .bash_history',
    +> enabling process accounting, and the like.
    +> My goal is to "watch the watchers," i.e. watch for
    +> abuse of power by SOC people with the ability to view
    +> traffic captured by sniffers.

    Just forget about those methods.
    The only right way for such things is to monitor the execve(2) syscall
    at the kernel level.

    Look at:


    Pawel Jakub Dawidek             
    UNIX Systems Programmer/Administrator
    Am I Evil? Yes, I Am!           
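
An added example, not part of the original message or of whatever tool it points to: reconciling kernel-level execve(2) records against shell history, to show which executions of capture-reading tools the history never recorded. The one-line record format, the sample data and the watchlist are constructed assumptions.

```python
import os
import re
import shlex

# Constructed execve(2) records in a hypothetical one-line-per-exec format.
EXEC_LOG = """\
1073657217 uid=1001 pid=4242 ppid=4200 path=/bin/ls argv=ls -l /nsm
1073657230 uid=1001 pid=4243 ppid=4200 path=/usr/sbin/tcpdump argv=tcpdump -n -r /nsm/2004-01-09.pcap
1073657301 uid=1001 pid=4251 ppid=4250 path=/usr/local/bin/ngrep argv=ngrep -I /nsm/2004-01-09.pcap host 10.0.0.5
1073657400 uid=1002 pid=4300 ppid=4290 path=/usr/bin/uptime argv=uptime
"""

# Constructed shell history per uid; the ngrep run never reached it.
HISTORY = {1001: ["ls -l /nsm", "tcpdump -n -r /nsm/2004-01-09.pcap"], 1002: ["uptime"]}

# Assumed watchlist: tools able to read captured traffic.
CAPTURE_READERS = {"tcpdump", "ngrep", "tethereal"}

REC = re.compile(r"(\d+) uid=(\d+) pid=(\d+) ppid=(\d+) path=(\S+) argv=(.*)")

def parse(log):
    """Yield one dict per well-formed record; skip malformed lines."""
    for line in log.splitlines():
        m = REC.fullmatch(line.strip())
        if not m:
            continue
        ts, uid, pid, ppid, path, argv = m.groups()
        try:
            args = shlex.split(argv)
        except ValueError:  # unbalanced quotes: fall back to whitespace split
            args = argv.split()
        yield {"ts": int(ts), "uid": int(uid), "pid": int(pid),
               "ppid": int(ppid), "path": path, "argv": args}

def review(log, history):
    """Return capture-reader executions as (uid, pid, argv, in_history)."""
    findings = []
    for rec in parse(log):
        if os.path.basename(rec["path"]) not in CAPTURE_READERS:
            continue
        known = {tuple(shlex.split(h)) for h in history.get(rec["uid"], [])}
        findings.append((rec["uid"], rec["pid"], rec["argv"], tuple(rec["argv"]) in known))
    return findings

if __name__ == "__main__":
    for uid, pid, argv, in_hist in review(EXEC_LOG, HISTORY):
        print(uid, pid, " ".join(argv), "in history" if in_hist else "NOT in history")
```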