Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 28 Aug 1998 15:36:29 -0700 (PDT)
From:      "Jan B. Koum " <jkb@best.com>
To:        Adam McDougall <mcdougall@ameritech.net>
Cc:        security@FreeBSD.ORG
Subject:   Re: Shell history (Was: Re: post breakin log)
Message-ID:  <Pine.BSF.4.02A.9808281531330.17350-100000@shell6.ba.best.com>
In-Reply-To: <35E6F857.1E8A4101@ameritech.net>
next in thread | previous in thread | raw e-mail | index | archive | help 

On Fri, 28 Aug 1998, Adam McDougall wrote:

>Jan B. Koum wrote:
>> 
>>         What if the user would be to switch shell or to install their own?
>> 
>>         I do not think one should depend on shell history to log all what
>>         user does. Best way to implement something like watch(8) to check
>>         the ttys you want or to automatically start when someone attaches
>>         to a tty. Again, this is also flawed.. what if someone simply
>
>
>If you are that interested about what a particular user is doing on your
>system, should they even have an account? :) 

	I am not. I don't even have systems on which users have an
account. This discussion arose from the "how do we track back what
intruders did on our system" type discussion. :)

>
>You could plop a script(1) command in their .cshrc or maybe in the
>system cshrc, etc if user=soandso
>
>SCRIPT(1)               FreeBSD General Commands Manual             
>SCRIPT(1)
>
>NAME
>     script - make typescript of terminal session

	cat /dev/null > typescript
	Ok, so you have $HOME/typescript append only through chflags. But:

DESCRIPTION
     Script makes a typescript of everything printed on your terminal.  It 
     is useful for students who need a hardcopy record of an interactive
     session as proof of an assignment, as the typescript file can be
     printed out later with lpr(1).

	This software was not designed with security in mind, hence...

-- Yan

>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.02A.9808281531330.17350-100000>