Date: Mon, 30 Jul 2007 15:20:49 +0200 From: "Ronald Klop" <ronald-freebsd8@klop.yi.org> To: "Eric Crist" <mnslinky@gmail.com>, "Adam J Richardson" <fatman.uk@gmail.com> Cc: Tom Evans <tevans.uk@googlemail.com>, freebsd-questions@freebsd.org, Ian Lord <mailing-lists@msdi.ca> Subject: Re: Root access loggin Message-ID: <op.tv94oz0p8527sy@guido.klop.ws> In-Reply-To: <AE852C96-F0CB-4737-BA3E-428E2AFA88BD@gmail.com> References: <050b01c7ce16$960a0570$6400a8c0@msdi.local> <1185794014.1444.7.camel@localhost> <46ADDAC2.3010404@crackmonkey.us> <AE852C96-F0CB-4737-BA3E-428E2AFA88BD@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 30 Jul 2007 15:11:06 +0200, Eric Crist <mnslinky@gmail.com> wrote: > On Jul 30, 2007, at 7:34 AMJul 30, 2007, Adam J Richardson wrote: > >> Tom Evans wrote: >>> This seems great in principle, but of course, you just gave them a root >>> shell, and so they can delete their log file easily enough... >> >> You could have cron email it to you every 5 minutes. Unlikely he'd >> check the crontab immediately, unless he was really bent on the >> system's destruction. Likely you'd have at least some evidence of his >> behaviour. Of course your email box would fill up quickly. >> >> Adam J Richardson >> > > Tom, > > If you're really all that worried about this, don't give them root > access. You could simply sit at the console with them while they work. > IIRC, they're a contractor, not an employee. Your presence during such > operations wouldn't be abnormal for a contractor. I don't have the original post of this, so I don't know the details, but this sounds like a good project for remote audit logging. Or is that only in FreeBSD 7? Or use accounting: accton(8). Is it possible to setup an accounting file as an named pipe, to log to a remote host? Ronald. -- Ronald Klop Amsterdam, The Netherlands
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?op.tv94oz0p8527sy>