Re: How to log all commands?
From: Dragan Cvetkovic (me_at_privacy.net)
Date: Mon, 30 May 2005 15:12:40 -0400
Nekromancer <firstname.lastname@example.org> writes:
> Typical example: someone portscans a remote box using nmap (there're
> reasons why nmap must be in the box), and this portscan was not
> authorized. Then I've to raise an issue, and the user will be informed of
> the "mistake" (you guess the rest if the issue happens again).
How would logging all commands help if the user writes a script and/or
programs to do what they are not allowed to do?
E.g., fire up vi (or emacs!) and write a script in e.g. perl (or a program in
C), that does the said activity or that e.g. deletes all common
files. Start the program. Remove the script.
What can you demonstrate? What log would you have of that activity?
-- 
Dragan Cvetkovic,
To be or not to be is true. G. Boole
No it isn't. L. E. J. Brouwer
!!! Sender/From address is bogus. Use reply-to one !!!