Date: Thu, 27 Aug 1998 21:55:59 -0700 (PDT) From: "Jan B. Koum " <jkb@best.com> To: Gary Palmer <gpalmer@FreeBSD.ORG> Cc: Brian Behlendorf <brian@hyperreal.org>, Wilson MacGyver <macgyver@cylatech.com>, security@FreeBSD.ORG Subject: Shell history (Was: Re: post breakin log) Message-ID: <Pine.BSF.4.02A.9808272151030.27634-100000@shell6.ba.best.com> In-Reply-To: <1652.904271528@gjp.erols.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is assuming intruder will not try to change shell, turn off
history within the shell and is in general pretty clueless when it comes
to shell history. :)
A friend of mine came up with an idea to create a shell which
would log everything a user does.. not via shell history mechanism, but
rather ala watch(8). Everything user types would go into some files
somewhere. Then again, nothing ever came out of it.
-- Yan
www.best.com/~jkb/ Unix users of the world unite:
www.{free,open,net}bsd.org | www.linux.org | www.apache.org | www.perl.com
"Turn up the lights, I don't want to go home in the dark."
On Thu, 27 Aug 1998, Gary Palmer wrote:
>Brian Behlendorf wrote in message ID
><19980827182323.6798.qmail@hyperreal.org>:
>> Is there a fool-proof way to get user histories like this? I got one once
>> only because the cracker was lame enough to forget to delete his
>> .bash_history file. Presuming root isn't compromised of course...
>
>Force the history files to be created with uappend flag set and run with a non
>zero security level.
>
>Gary
>--
>Gary Palmer FreeBSD Core Team Member
>FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.02A.9808272151030.27634-100000>