Date:      Mon, 17 Jan 2000 21:04:07 -0500 (EST)
From:      Omachonu Ogali <oogali@intranova.net>
To:        Adam <bsdx@looksharp.net>
Cc:        Will Andrews <andrews@TECHNOLOGIST.COM>, freebsd-security@FreeBSD.ORG
Subject:   RE: Parent Logging Patch for sh(1)
Message-ID:  <Pine.BSF.4.10.10001172101390.96286-100000@hydrant.intranova.net>
In-Reply-To: <Pine.BSF.4.21.0001171536040.68131-100000@sapphire.looksharp.net>

http://tribune.intranova.net/archives/sh-log+access.patch adds uid and
username logging along with a deny list (/etc/sh.deny).

And in reference to Keith Stevenson's 'So?', if you can determine the
point of entry in an intrusion you can backtrack to where it originated.
The main reason I created that patch was to allow a system administrator
to backtrack in the case of an intrusion.

Omachonu Ogali
Intranova Networking Group

On Mon, 17 Jan 2000, Adam wrote:

> I haven't looked at it but it sounds like something useful to me.  
> 
> On Sun, 16 Jan 2000, Omachonu Ogali wrote:
> 
> > I thought it would benefit those who are security minded. Why shouldn't I
> > have posted it?
> > 
> > Omachonu Ogali
> > Intranova Networking Group
> > 
> > On Sun, 16 Jan 2000, Will Andrews wrote:
> > 
> > > On 16-Jan-00 Omachonu Ogali wrote:
> > > > After applied, sh(1) will log the parent process ID and name that executed
> > > > it into syslog. Available from
> > > > http://tribune.intranova.net/archives/sh-log.patch
> > > 
> > > Is there any (valid) reason why you posted this here?
> > > 
> > > --
> > > Will Andrews <andrews@technologist.com>
> > > GCS/E/S @d- s+:+>+:- a--->+++ C++ UB++++ P+ L- E--- W+++ !N !o ?K w---
> > > ?O M+ V-- PS+ PE++ Y+ PGP+>+++ t++ 5 X++ R+ tv+ b++>++++ DI+++ D+ 
> > > G++>+++ e->++++ h! r-->+++ y?
> > > 
> > 
> > 
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> > 
> > 
> 
> 



