Date: Mon, 4 Dec 2000 00:50:21 -0800 From: "Crist J . Clark" <cjclark@reflexnet.net> To: Chris Byrnes <chris@jeah.net> Cc: questions@FreeBSD.ORG Subject: Re: Logging outside of home directory Message-ID: <20001204005021.C99903@149.211.6.64.reflexcom.com> In-Reply-To: <Pine.BSF.4.21.0012032349420.40165-100000@awww.jeah.net>; from chris@jeah.net on Sun, Dec 03, 2000 at 11:50:30PM -0600 References: <Pine.BSF.4.21.0012032349420.40165-100000@awww.jeah.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Dec 03, 2000 at 11:50:30PM -0600, Chris Byrnes wrote: > I'm looking for a way to log all shell activity to a place > where the individual user can't see it's being logged to, and > if possible, cannot tamper with the log file. > > I'd like it to work for all shells (bash, tcsh, csh, etc). > > Anyone have a program or script? I don't see a reasonable way to do this if you are thinking about using the builtin "history" mechanism of the shells. At least not without hacking the source code of each shell. The history mechanisms are there for exploitation by the user, not the administrator, and therefore are easy for the user to monitor and to change. One possibility is to use the builtin accounting functionality. See accton(8), sa(8), lastcomm(1), and acct(5) for more information. This would be a reasonable solution for usage statitics and very basic security monitoring (on unsophisticated users). None of these options is practical for comprehensive security auditing. I can't tell from your brief mail what your intentions are. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001204005021.C99903>