Re: Building up a shell service.
From: Pekka Aleksi Knuutila (zur@edu.lahti.fi)
Date: 10/24/01
Date: Wed, 24 Oct 2001 20:04:28 +0300
From: Pekka Aleksi Knuutila <zur@edu.lahti.fi>
To: Praise <praisetazio@tiscalinet.it>
Subject: Re: Building up a shell service.
Message-ID: <20011024200428.B16359@edu.lahti.fi>

On Tue, Oct 23, 2001 at 11:32:36PM +0200, Praise wrote:
> I am planning to build up a shell service for my friends only.
Looks like you don't trust your friends very much :-)
> I already know how to set up ssh, I have already set up tripwire and I am
> controlling traffic with iptables. What I do not know is how to log all
> packets with their owner. I do not like to insert a firewall rule for every
> user:-)
Take a look at UserIPacct[1].
> I am trying to log what they write on the shell too. I think this can be
> accomplished by simply making .bash_history append only, but it does not get
> the timestamps. A better solution would be appreciated!
The .bash_history approach won't work. The kernel implements 'BSD process
accounting' which logs all exec()'s done by users. But even if this is
used, you'd have to set up your system so that users can not run
arbitrary binaries (i.e. by mounting /home and /var -o noexec) to know
exactly what your users are doing.
-- [1]: http://www.geocities.com/SiliconValley/Lakes/2628/ipacct.html
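
An added example, not part of the original message: a parser for the per-process records that Linux BSD process accounting writes, run over two constructed records. It shows that a record carries a uid and a start timestamp but only the command's short name, so a private binary named "ls" cannot be told apart from /bin/ls, which is why the noexec mounts matter. It assumes the Linux `struct acct_v3` layout on a little-endian machine; `parse_pacct`, `make_record` and `SAMPLE` are names chosen for this example.

```python
import struct
from datetime import datetime, timezone

# Layout of Linux `struct acct_v3` (linux/acct.h): 64 bytes per record.
# flag, version, tty, exitcode, uid, gid, pid, ppid, btime, etime,
# eight comp_t counters, then the 16-byte command name.
# Assumption: little-endian host, hence the "<" prefix.
ACCT_V3 = struct.Struct("<BBHIIIIIIf8H16s")


def parse_pacct(data):
    """Return a list of dicts, one per record in a raw v3 accounting file."""
    if len(data) % ACCT_V3.size:
        raise ValueError("truncated accounting file")
    records = []
    for off in range(0, len(data), ACCT_V3.size):
        f = ACCT_V3.unpack_from(data, off)
        if f[1] != 3:
            raise ValueError("not an acct_v3 record at offset %d" % off)
        records.append({
            "uid": f[4],
            "pid": f[6],
            "start": datetime.fromtimestamp(f[8], timezone.utc).isoformat(),
            # Only the short command name survives: no path, no arguments.
            "comm": f[18].split(b"\0", 1)[0].decode("ascii", "replace"),
        })
    return records


def make_record(uid, pid, btime, comm):
    """Build one constructed record (counters zeroed) for the demo."""
    return ACCT_V3.pack(0, 3, 0, 0, uid, 100, pid, 1, btime, 0.5,
                        *([0] * 8), comm.encode())


# Constructed sample: uid 1001 runs /bin/ls, then a private binary ~/ls.
SAMPLE = (make_record(1001, 4242, 1003943068, "ls")
          + make_record(1001, 4243, 1003943075, "ls"))

if __name__ == "__main__":
    for rec in parse_pacct(SAMPLE):
        print(rec)
```

On a real system, read the accounting file in binary mode and pass its contents to `parse_pacct`.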