Re: Logging user activities
From: Pawel Jakub Dawidek (nick_at_garage.freebsd.pl)
Date: Fri, 9 Jan 2004 15:06:57 +0100
To: Richard Bejtlich <firstname.lastname@example.org>
On Tue, Jan 06, 2004 at 01:04:30PM -0800, Richard Bejtlich wrote:
+> They include using 'chflags sappnd .bash_history',
+> enabling process accounting, and the like.
+> My goal is to "watch the watchers," i.e. watch for
+> abuse of power by SOC people with the ability to view
+> traffic captured by sniffers.
Just forget about those methods.
The only right way for such things is to monitor the execve(2) syscall
at the kernel level.
-- 
Pawel Jakub Dawidek                       email@example.com
UNIX Systems Programmer/Administrator     http://garage.freebsd.pl
Am I Evil? Yes, I Am!                     http://cerber.sourceforge.net