Date: Tue, 5 Feb 2002 15:34:31 +0100 From: =?iso-8859-1?Q?Geir_R=E5ness?= <geir@dropzone.as> To: "Kerberus" <kerberus@microbsd.net> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: Reliable shell logs Message-ID: <20020212021218.DC5DA9F006@okeeffe.bestweb.net>
next in thread | raw e-mail | index | archive | help
Yes it is, thanks for it. I have seen the shell patches before but not the bash secure patch.. :) Best Regards Geir Råness PulZ @ efnet ----- Original Message ----- From: "Kerberus" <kerberus@microbsd.net> To: "Geir Råness" <geir@dropzone.as> Sent: Tuesday, February 05, 2002 3:51 PM Subject: Re: Reliable shell logs Hrmmm looks like the file i sent over!! : )) On Tue, 2002-02-05 at 08:20, Geir Råness wrote: > Yeah, i have put them up at www.pulz.no/files/freebsd/Logging > Read the readme files in them, and you probaly would find the url to the > folx who made the patches... > > You can infact remove an users right to change his shell, this you could do > by limiting the users access to chsh and so on, you could set it to wheel > group only. > Or you could remove the shell from the /etc/shells (i think). > > Best Regards > > Geir Råness > PulZ @ efnet > > ----- Original Message ----- > From: "Roger 'Rocky' Vetterberg" <listsub@rambo.simx.org> > To: "Geir Råness" <geir@dropzone.as> > Cc: <petko@freebsd-bg.org>; <freebsd-security@FreeBSD.ORG> > Sent: Monday, February 04, 2002 11:43 PM > Subject: Re: Reliable shell logs > > > > Geir Råness wrote: > > > > > You always could set your users to the shell bash, that is patched with > the > > > "bofh" logging. > > > That's one way you could secure log your users, but it could be found. > > > It all depends on the intruder. > > > > > > Do you know where I could find this patch? > > I tried google.com/bsd and found a bounch of sh patches, but > > none for bash. > > And what stops the user from changing his shell? 'chsh' > > would let him change shell to csh, tcsh or whatever is > > available on the system, right? How can I prevent this? > > > > > This you can do something about however, you can have an locale log > server, > > > that the "shell" server sends the log to, > > > with upload access only. > > > So the intruder cant delete the logs, you probaly shuld make this server > an > > > local login only. > > > > > > Geir Råness > > > PulZ @ efnet > > > > > > -- > > R > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020212021218.DC5DA9F006>