From owner-freebsd-security Fri Aug 28 15:37:29 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA03161 for freebsd-security-outgoing; Fri, 28 Aug 1998 15:37:29 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from shell6.ba.best.com (shell6.ba.best.com [206.184.139.137]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA03154 for ; Fri, 28 Aug 1998 15:37:27 -0700 (PDT) (envelope-from jkb@best.com)
Received: from localhost (jkb@localhost) by shell6.ba.best.com (8.9.0/8.9.0/best.sh) with SMTP id PAA25617; Fri, 28 Aug 1998 15:36:29 -0700 (PDT)
X-Authentication-Warning: shell6.ba.best.com: jkb owned process doing -bs
Date: Fri, 28 Aug 1998 15:36:29 -0700 (PDT)
From: "Jan B. Koum"
X-Sender: jkb@shell6.ba.best.com
To: Adam McDougall
cc: security@FreeBSD.ORG
Subject: Re: Shell history (Was: Re: post breakin log)
In-Reply-To: <35E6F857.1E8A4101@ameritech.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 28 Aug 1998, Adam McDougall wrote:

>Jan B. Koum wrote:
>>
>> What if the user would be to switch shell or to install their own?
>>
>> I do not think one should depend on shell history to log all what
>> user does. Best way to implement something like watch(8) to check
>> the ttys you want or to automatically start when someone attaches
>> to a tty. Again, this is also flawed.. what if someone simply
>
>
>If you are that interested about what a particular user is doing on your
>system, should they even have an account? :)

I am not. I don't even have systems on which users have an
account. This discussion arose from the "how do we track back what
intruders did on our system" type discussion.
:)

>
>You could plop a script(1) command in their .cshrc or maybe in the
>system cshrc, etc if user=soandso
>
>SCRIPT(1) FreeBSD General Commands Manual
>SCRIPT(1)
>
>NAME
>     script - make typescript of terminal session

cat /dev/null > typescript

Ok, so you have $HOME/typescript append only through chflags. But:

DESCRIPTION
     Script makes a typescript of everything printed on your terminal. It is
     useful for students who need a hardcopy record of an interactive session
     as proof of an assignment, as the typescript file can be printed out
     later with lpr(1).

This software was not designed with security in mind, hence...

-- Yan

>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message