Date: Thu, 27 Aug 1998 21:55:59 -0700 (PDT) From: "Jan B. Koum " <jkb@best.com> To: Gary Palmer <gpalmer@FreeBSD.ORG> Cc: Brian Behlendorf <brian@hyperreal.org>, Wilson MacGyver <macgyver@cylatech.com>, security@FreeBSD.ORG Subject: Shell history (Was: Re: post breakin log) Message-ID: <Pine.BSF.4.02A.9808272151030.27634-100000@shell6.ba.best.com> In-Reply-To: <1652.904271528@gjp.erols.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is assuming intruder will not try to change shell, turn off history within the shell and is in general pretty clueless when it comes to shell history. :) A friend of mine came up with an idea to create a shell which would log everything a user does.. not via shell history mechanism, but rather ala watch(8). Everything user types would go into some files somewhere. Then again, nothing ever came out of it. -- Yan www.best.com/~jkb/ Unix users of the world unite: www.{free,open,net}bsd.org | www.linux.org | www.apache.org | www.perl.com "Turn up the lights, I don't want to go home in the dark." On Thu, 27 Aug 1998, Gary Palmer wrote: >Brian Behlendorf wrote in message ID ><19980827182323.6798.qmail@hyperreal.org>: >> Is there a fool-proof way to get user histories like this? I got one once >> only because the cracker was lame enough to forget to delete his >> .bash_history file. Presuming root isn't compromised of course... > >Force the history files to be created with uappend flag set and run with a non >zero security level. > >Gary >-- >Gary Palmer FreeBSD Core Team Member >FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.02A.9808272151030.27634-100000>