Re: How to log all commands?

From: Dragan Cvetkovic (me_at_privacy.net)
Date: 05/30/05


Date: Mon, 30 May 2005 15:12:40 -0400

Nekromancer <foo@bar.org> writes:
>
> Typical example: someone portscans a remote box using nmap (there're
> reasons why nmap must be in the box), and this portscan was not
> authorized. Then I've to raise an issue, and the user will be informed of
> the "mistake" (you guess the rest if the issue happens again).

How would logging all commands help if a user writes a script and/or
programs to do what they are not allowed to do?

E.g., fire up vi (or emacs!) and write a script in e.g. perl (or a program in
C), that does the said activity or that e.g. deletes all common
files. Start the program. Remove the script.

What can you demonstrate? What log would you have of that activity?

Bye, Dragan

-- 
Dragan Cvetkovic, 
To be or not to be is true. G. Boole      No it isn't.  L. E. J. Brouwer
!!! Sender/From address is bogus. Use reply-to one !!!
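
What a command log would and would not hold for the sequence described in the message above, as an added example that is not part of the original post: it scans a constructed per-user command log for files that were written, run and then removed. The `<user> <command line>` log format, the user names and the file names are assumptions, and the example goes slightly beyond the message by also following a compile step.

```python
import shlex

EDITORS = {"vi", "vim", "emacs", "nano"}
INTERPRETERS = {"perl", "sh", "bash", "python", "ruby"}
COMPILERS = {"cc", "gcc", "clang"}
REMOVERS = {"rm", "unlink", "shred"}

# Constructed sample log (assumed format): one "<user> <command line>" per line.
SAMPLE_LOG = """\
alice vi scan.pl
alice perl scan.pl
alice rm scan.pl
bob vi notes.txt
bob nmap 192.0.2.10
carol emacs t.c
carol cc -o t t.c
carol ./t
carol rm -f t t.c
"""

def find_edit_run_delete(log_text):
    """Return (user, file) pairs for files written, then run, then removed."""
    stages = {}  # user -> {file: 1 (written) or 2 (written and run)}
    hits = []
    for line in log_text.splitlines():
        user, _, cmdline = line.strip().partition(" ")
        try:
            argv = shlex.split(cmdline)
        except ValueError:  # unbalanced quotes: fall back to a plain split
            argv = cmdline.split()
        if not argv:
            continue
        files = stages.setdefault(user, {})
        cmd = argv[0].rsplit("/", 1)[-1]
        args = [a.removeprefix("./") for a in argv[1:] if not a.startswith("-")]
        if cmd in EDITORS:
            files.update((f, 1) for f in args)
        elif cmd in COMPILERS and "-o" in argv[:-1]:
            # A binary built from an edited source counts as written by the user.
            out = argv[argv.index("-o") + 1].removeprefix("./")
            if any(a in files for a in args if a != out):
                files[out] = 1
        elif cmd in REMOVERS:
            hits += [(user, f) for f in args if files.pop(f, 0) == 2]
        else:
            target = args[0] if cmd in INTERPRETERS and args else argv[0].removeprefix("./")
            if target in files:
                files[target] = 2
    return hits
```

For alice the log records only `perl scan.pl` and nothing the script did, whereas bob's direct `nmap` invocation appears in full.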

