From owner-freebsd-security Mon Feb 11 18:26: 3 2002 Delivered-To: freebsd-security@freebsd.org Received: from newman2.bestweb.net (newman2.bestweb.net [209.94.102.67]) by hub.freebsd.org (Postfix) with ESMTP id 4DF3D37B617 for ; Mon, 11 Feb 2002 18:18:23 -0800 (PST) Received: from okeeffe.bestweb.net (okeefe.bestweb.net [209.94.100.110]) by newman2.bestweb.net (Postfix) with ESMTP id CD86122FD5; Mon, 11 Feb 2002 21:17:37 -0500 (EST) Received: by okeeffe.bestweb.net (Postfix, from userid 0) id DC5DA9F006; Mon, 11 Feb 2002 21:12:18 -0500 (EST) From: =?iso-8859-1?Q?Geir_R=E5ness?= To: "Kerberus" Cc: Subject: Re: Reliable shell logs Date: Tue, 5 Feb 2002 15:34:31 +0100 Message-Id: <20020212021218.DC5DA9F006@okeeffe.bestweb.net> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Yes it is, thanks for it. I have seen the shell patches before but not the bash secure patch.. :) Best Regards Geir Råness PulZ @ efnet ----- Original Message ----- From: "Kerberus" To: "Geir Råness" Sent: Tuesday, February 05, 2002 3:51 PM Subject: Re: Reliable shell logs Hrmmm looks like the file i sent over!! : )) On Tue, 2002-02-05 at 08:20, Geir Råness wrote: > Yeah, i have put them up at www.pulz.no/files/freebsd/Logging > Read the readme files in them, and you probaly would find the url to the > folx who made the patches... > > You can infact remove an users right to change his shell, this you could do > by limiting the users access to chsh and so on, you could set it to wheel > group only. > Or you could remove the shell from the /etc/shells (i think). > > Best Regards > > Geir Råness > PulZ @ efnet > > ----- Original Message ----- > From: "Roger 'Rocky' Vetterberg" > To: "Geir Råness" > Cc: ; > Sent: Monday, February 04, 2002 11:43 PM > Subject: Re: Reliable shell logs > > > > Geir Råness wrote: > > > > > You always could set your users to the shell bash, that is patched with > the > > > "bofh" logging. > > > That's one way you could secure log your users, but it could be found. > > > It all depends on the intruder. > > > > > > Do you know where I could find this patch? > > I tried google.com/bsd and found a bounch of sh patches, but > > none for bash. > > And what stops the user from changing his shell? 'chsh' > > would let him change shell to csh, tcsh or whatever is > > available on the system, right? How can I prevent this? > > > > > This you can do something about however, you can have an locale log > server, > > > that the "shell" server sends the log to, > > > with upload access only. > > > So the intruder cant delete the logs, you probaly shuld make this server > an > > > local login only. > > > > > > Geir Råness > > > PulZ @ efnet > > > > > > -- > > R > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message