Re: How to log all commands?
From: Menno Duursma (pan_at_desktop.lan)
Date: 05/31/05
- Next message: Jani Mikkonen: "Re: How to log all commands?"
- Previous message: nick4soup_at_yahoo.com.au: "Re: How to log all commands?"
- In reply to: Nekromancer: "How to log all commands?"
- Next in thread: Jani Mikkonen: "Re: How to log all commands?"
Date: Tue, 31 May 2005 11:26:55 +0200
On Mon, 30 May 2005 11:03:22 +0000, Nekromancer wrote:
[ ... audit trail. ]
http://clug.ca/pipermail/clug-talk_clug.ca/2005-March/001796.html
And/or Google for "bash audit" (or the shell used at your site.)
> Opposite example: someone claims problems due to "hacking activity" from
> this box,
How about logging outbound traffic from aforementioned box/account to the
world at large (man iptables). An authenticated proxy like Squid may help.
> but the audit trail shows that this is not the case,
As stated by others: that isn't evidence of there having /not/ been any
crack attempt activity (from your network). It's just that if you *do* see
something odd happen, you /might/ have a backlog.
> I can show it to the people who raised the false claim.
Well you'd need to be kind of sure ... Fush/Foosh can MD5 check though:
http://foosh.sourceforge.net/
-- -Menno.