From owner-freebsd-security Thu Aug 27 22:44:34 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id WAA26834 for freebsd-security-outgoing; Thu, 27 Aug 1998 22:44:34 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from burka.rdy.com (burka.rdy.com [205.149.163.30]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA26825 for ; Thu, 27 Aug 1998 22:44:27 -0700 (PDT) (envelope-from dima@burka.rdy.com) Received: (from dima@localhost) by burka.rdy.com (8.8.8/RDY&DVV) id WAA06398; Thu, 27 Aug 1998 22:43:19 -0700 (PDT) Message-Id: <199808280543.WAA06398@burka.rdy.com> Subject: Re: Shell history In-Reply-To: <199808280519.PAA04932@henry.cs.adfa.oz.au> from Warren Toomey at "Aug 28, 1998 3:19:59 pm" To: wkt@cs.adfa.oz.au Date: Thu, 27 Aug 1998 22:43:19 -0700 (PDT) Cc: jkb@best.com, security@FreeBSD.ORG X-Class: Fast Organization: HackerDome Reply-To: dima@best.net From: dima@best.net (Dima Ruban) X-Mailer: ELM [version 2.4ME+ PL45 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Warren Toomey writes: > In article by Jan B. Koum: > > What if the user would be to switch shell or to install their own? > > I do not think one should depend on shell history to log all what > > user does. How would YOU monitor what your users are > > doing if you had to? > > accton(8), lastcomm(1) It won't tell you much. Not in its' current state. It would be a good idea to extend acct to log everything, including program switches and (possibly) some stuff from the enviroment. Also it would be a good idea to be able to log information on per-user basis. > > Warren > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -- dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message