Date:      Tue, 5 Feb 2002 14:20:20 +0100
From:      Geir Råness <geir@dropzone.as>
To:        <listsub@rambo.simx.org>
Cc:        <freebsd-security@FreeBSD.ORG>
Subject:   Re: Reliable shell logs
Message-ID:  <003501c1ae47$dd96e790$0100a8c0@elixor>
References:  <20020204152325.GA64082@fbi.gov> <001401c1ad9a$7be6d9e0$0100a8c0@elixor> <3C5F0E7B.4020508@rambo.simx.org>

Yeah, I have put them up at www.pulz.no/files/freebsd/Logging
Read the readme files in them, and you probably would find the URL to the
folks who made the patches...

You can in fact remove a user's right to change his shell; this you could do
by limiting the user's access to chsh and so on; you could set it to wheel
group only.
Or you could remove the shell from /etc/shells (I think).

Best Regards

Geir Råness
PulZ @ efnet

----- Original Message -----
From: "Roger 'Rocky' Vetterberg" <listsub@rambo.simx.org>
To: "Geir Råness" <geir@dropzone.as>
Cc: <petko@freebsd-bg.org>; <freebsd-security@FreeBSD.ORG>
Sent: Monday, February 04, 2002 11:43 PM
Subject: Re: Reliable shell logs


> Geir Råness wrote:
>
> > You always could set your users to the shell bash, that is patched with the
> > "bofh" logging.
> > That's one way you could securely log your users, but it could be found.
> > It all depends on the intruder.
>
>
> Do you know where I could find this patch?
> I tried google.com/bsd and found a bunch of sh patches, but
> none for bash.
> And what stops the user from changing his shell? 'chsh'
> would let him change shell to csh, tcsh or whatever is
> available on the system, right? How can I prevent this?
>
> > This you can do something about however, you can have a local log server,
> > that the "shell" server sends the log to,
> > with upload access only.
> > So the intruder can't delete the logs, you probably should make this server a
> > local login only.
> >
> > Geir Råness
> > PulZ @ efnet
>
>
> --
> R
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
>







Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003501c1ae47$dd96e790$0100a8c0>