Date: Wed, 25 Jul 2007 11:44:19 +0100
From: Feargal Reilly <feargal@fbi.ie>
To: freebsd-questions@freebsd.org
Subject: Re: Root access loggin
Message-ID: <20070725114419.3df83739@mablung.edhellond.fbi.ie>
In-Reply-To: <054701c7ce2d$6f42d6d0$6400a8c0@msdi.local>
References: <050b01c7ce16$960a0570$6400a8c0@msdi.local>
 <46A63689.80906@voidmain.net> <444pjt3ard.fsf@be-well.ilk.org>
 <46A652D7.4030001@voidmain.net>
 <5e49673f0707241241w4c751dbbi4a28590e5b164fc2@mail.gmail.com>
 <054701c7ce2d$6f42d6d0$6400a8c0@msdi.local>

> Exactly, I don't know what needs to be done, and they don't
> neither. That's why they need to browse around trying to
> figure out why their installer doesn't work.
>
> Sudo wouldn't be any help here cause I would need to pre
> approve commands and I don't know which one will be needed.
>
> Basically, I don't think there is a better solution than
> giving away the root password, but at least, I would like a
> log of what has been done.
>
> Naturally, I understand any log could be overwritten/modified
> since the person is root, but since I don't think Zend would
> make fun in hacking my server, the point in having the log is
> to undo anything I wouldn't approve ..
>

You may want to have a look at shells/tcsh-bofh - it installs a
patched tcsh shell in /usr/local/bin which logs all commands to
the USER syslog facility.

Set both their user and root's shell to that tcsh (or copy over
the system tcsh) and you'll have a log of all their commands,
provided they don't run another shell, something you'll just have
to instruct them on. Tell them you'll consider it trespassing if
they use another shell.

As far as protecting logs, securelevels will offer some degree of
protection. If you set syslog to log user.* to a separate file,
and then set the sappnd and sunlnk flags, then the file can only
be appended to. If you then raise your securelevel to 1, these
flags can not be removed.

If you're being that paranoid, you'll want to set flags on
syslog.conf as well, so the facility can't be changed.

I haven't actually tried any of the above, so your mileage will
definitely vary.

-fr.

-- 
Feargal Reilly, Chief Techie, FBI.
PGP Key: 0xBD252C01 (expires: 2006-11-30)
Web: http://www.fbi.ie/ | Tel: +353.14988588 | Fax: +353.14988489
Communications House, 11 Sallymount Avenue, Ranelagh, Dublin 6.
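
An audit of the log protection described in the message above, as an added example that is not part of the original e-mail or of any FreeBSD tool. It assumes FreeBSD's stat(1) and sysctl(8), takes the log path from whatever file syslog.conf names for user.*, and only reports the flags found on syslog.conf because the message does not say which ones to set.

```sh
#!/bin/sh
# Added example: audit the append-only log setup described above.
# Assumptions: FreeBSD stat(1)/sysctl(8); the log path is whatever
# file syslog.conf names for the user.* selector.

# Read syslog.conf text on stdin; print the file that user.* logs to.
user_log_target() {
    awk '$1 ~ /^#/ { next }
         { n = split($1, sel, ";")
           for (i = 1; i <= n; i++)
               if (sel[i] == "user.*") {
                   sub(/^-/, "", $2)          # optional no-sync prefix
                   if ($2 ~ /^\//) { print $2; exit }
               } }'
}

# Succeed only if a comma-separated flag list (as printed by
# `stat -f %Sf`) contains both sappnd and sunlnk.
has_append_only_flags() {
    case ",$1," in *,sappnd,*) ;; *) return 1 ;; esac
    case ",$1," in *,sunlnk,*) ;; *) return 1 ;; esac
}

# Succeed only at securelevel 1 or higher, where system flags
# such as sappnd and sunlnk can no longer be cleared.
securelevel_locks_flags() {
    [ "$1" -ge 1 ] 2>/dev/null
}

# Run the three checks against the live system.
audit() {
    conf=${1:-/etc/syslog.conf}
    log=$(user_log_target < "$conf")
    [ -n "$log" ] || { echo "FAIL: $conf has no user.* file target"; return 1; }
    rc=0
    has_append_only_flags "$(stat -f %Sf "$log")" ||
        { echo "FAIL: $log lacks sappnd,sunlnk"; rc=1; }
    securelevel_locks_flags "$(sysctl -n kern.securelevel)" ||
        { echo "FAIL: securelevel below 1, flags can still be cleared"; rc=1; }
    echo "flags on $conf: $(stat -f %Sf "$conf")"
    return $rc
}

# Only meaningful on the FreeBSD host being audited.
if [ "$(uname -s)" = "FreeBSD" ]; then audit "$@"; fi
```

A file carrying sappnd and sunlnk cannot be truncated, renamed or removed, so it has to be left out of newsyslog rotation.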