Date: Fri, 28 Aug 1998 15:36:29 -0700 (PDT) From: "Jan B. Koum " <jkb@best.com> To: Adam McDougall <mcdougall@ameritech.net> Cc: security@FreeBSD.ORG Subject: Re: Shell history (Was: Re: post breakin log) Message-ID: <Pine.BSF.4.02A.9808281531330.17350-100000@shell6.ba.best.com> In-Reply-To: <35E6F857.1E8A4101@ameritech.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 28 Aug 1998, Adam McDougall wrote: >Jan B. Koum wrote: >> >> What if the user would be to switch shell or to install their own? >> >> I do not think one should depend on shell history to log all what >> user does. Best way to implement something like watch(8) to check >> the ttys you want or to automatically start when someone attaches >> to a tty. Again, this is also flawed.. what if someone simply > > >If you are that interested about what a particular user is doing on your >system, should they even have an account? :) I am not. I don't even have systems on which users have an account. This discussion arose from the "how do we track back what intruders did on our system" type discussion. :) > >You could plop a script(1) command in their .cshrc or maybe in the >system cshrc, etc if user=soandso > >SCRIPT(1) FreeBSD General Commands Manual >SCRIPT(1) > >NAME > script - make typescript of terminal session cat /dev/null > typescript Ok, so you have $HOME/typescript append only through chflags. But: DESCRIPTION Script makes a typescript of everything printed on your terminal. It is useful for students who need a hardcopy record of an interactive session as proof of an assignment, as the typescript file can be printed out later with lpr(1). This software was not designed with security in mind, hence... -- Yan > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.02A.9808281531330.17350-100000>