Re: Building up a shell service.

From: Pekka Aleksi Knuutila (zur@edu.lahti.fi)
Date: 10/24/01


Date: Wed, 24 Oct 2001 20:04:28 +0300
From: Pekka Aleksi Knuutila <zur@edu.lahti.fi>
To: Praise <praisetazio@tiscalinet.it>
Subject: Re: Building up a shell service.
Message-ID: <20011024200428.B16359@edu.lahti.fi>

On Tue, Oct 23, 2001 at 11:32:36PM +0200, Praise wrote:

> I am planning to build up a shell service for my friends only.

  Looks like you don't trust your friends very much :-)

> I already know how to set up ssh, I have already set up tripwire and I am
> controlling traffic with iptables. What I do not know is how to log all
> packets with their owner. I do not like to insert a firewall rule for every
> user:-)

  Take a look at UserIPacct[1].

> I am trying to log what they write on the shell too. I think this can be
> accomplished by simply making .bash_history append only, but it does not get
> the timestamps. A better solution would be appreciated!

  The .bash_history approach won't work. The kernel implements 'BSD process
accounting' which logs all exec()'s done by users. But even if this is
used, you'd have to set up your system so that users cannot run
arbitrary binaries (i.e. by mounting /home and /var -o noexec) to know
exactly what your users are doing.

--
[1]: http://www.geocities.com/SiliconValley/Lakes/2628/ipacct.html


