From owner-freebsd-security@FreeBSD.ORG Thu Jan 8 08:07:19 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C119516A4CE for ; Thu, 8 Jan 2004 08:07:19 -0800 (PST) Received: from web60809.mail.yahoo.com (web60809.mail.yahoo.com [216.155.196.72]) by mx1.FreeBSD.org (Postfix) with SMTP id 0285343D1F for ; Thu, 8 Jan 2004 08:07:19 -0800 (PST) (envelope-from richard_bejtlich@yahoo.com) Message-ID: <20040108160716.55293.qmail@web60809.mail.yahoo.com> Received: from [68.84.6.72] by web60809.mail.yahoo.com via HTTP; Thu, 08 Jan 2004 08:07:16 PST Date: Thu, 8 Jan 2004 08:07:16 -0800 (PST) From: Richard Bejtlich To: freebsd-security@freebsd.org In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: Logging user activities X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Jan 2004 16:07:19 -0000 Thanks to everyone who replied. I've got plenty of leads to follow. My interest is in watching NOC worker actions, not implementing a honeypot. The deterrence effect of knowing certain sensitive activities are logged is of great help. Sincerely, Richard Bejtlich http://www.taosecurity.com PS: kg6hac de kd5pcd __________________________________ Do you Yahoo!? Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes http://hotjobs.sweepstakes.yahoo.com/signingbonus