Re: How to log all commands?
From: Dragan Cvetkovic (me_at_privacy.net)
Date: 05/30/05
Date: Mon, 30 May 2005 15:12:40 -0400
Nekromancer <foo@bar.org> writes:
>
> Typical example: someone portscans a remote box using nmap (there're
> reasons why nmap must be in the box), and this portscan was not
> authorized. Then I've to raise an issue, and the user will be informed of
> the "mistake" (you guess the rest if the issue happens again).
How would logging all commands help if a user writes a script and/or
program to do what they are not allowed to do?
E.g., fire up vi (or emacs!) and write a script in e.g. perl (or a program in
C) that does the said activity or that e.g. deletes all common
files. Start the program. Remove the script.
What can you demonstrate? What log would you have of that activity?
Bye, Dragan
--
Dragan Cvetkovic,
To be or not to be is true. G. Boole
No it isn't. L. E. J. Brouwer
!!! Sender/From address is bogus. Use reply-to one !!!