Re: process accounting

From: Reveret Julien (shaddai_at_nerim.net)
Date: 05/27/03

  • Next message: Mike Noordermeer: "Re: process accounting"
    Date: Tue, 27 May 2003 19:15:02 +0200
    To: focus-linux@securityfocus.com
    
    

    On Tue, May 27, 2003 at 10:51:46AM +0300, Patrascu Eugeniu wrote:
    > On Mon, 2003-05-26 at 21:38, Reveret Julien wrote:
    > >
    > > What you can do is patch your system with grsec patches, or patch your
    > > users' shell. There is a patch for bash which makes bash logs everything
    > > that is typed (I don't remember the url, search for bash+logging+patch).
    >
    >
    > Why don't you use the good old process accounting feature ?

    Because this guy wants to log all the arguments of every command run by
    users, process accounting doesn't. Moreover, lastcomm output is not
    that easy to read when you need some informations, whereas a log which
    looks like a .bash_history, with timestamps, can makes it easier to
    catch these informations.

    -- 
    We are the knights who say 
    echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D4D465452snlbxq'|dc
    

  • Next message: Mike Noordermeer: "Re: process accounting"

    Relevant Pages

    • Re: bash43-025 patch for AIX for Shellshock
      ... Is there an option in configure for bash to disable importing function definitions from environment variables? ... bash43-025 patch for AIX for Shellshock ...
      (AIX-L)
    • Re: bash43-025 patch for AIX for Shellshock
      ... bash43-025 patch for AIX for Shellshock ... For those of us who find we must patch bash due to the hype, ...
      (AIX-L)
    • the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)
      ... If you are not familiar with the original bash function export ... the initial maintainer-provided patch for this ... A simple conceptual illustration of this attack vector would be: ... Similarly to the original vulnerability, ...
      (Bugtraq)
    • Re: Kernel Patch
      ... WARNING: $SHELL not set to bash. ... If patch or script failed, check pre/ and post/ for current stage. ...
      (Ubuntu)
    • [patch 12/39] ext2/xip: refuse to change xip flag during remount with busy inodes
      ... commit 0e4a9b59282914fe057ab17027f55123964bc2e2 upstream. ... mount ext2 -o remount stopped working properly when remounting from ... bash which is running rc.sysinit resides on subject filesystem). ... This patch refuses to change the xip flag during remount in case some ...
      (Linux-Kernel)