From owner-freebsd-security Tue Feb 5 6:34:56 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail48.fg.online.no (mail48-s.fg.online.no [148.122.161.48]) by hub.freebsd.org (Postfix) with ESMTP id 6FB4537B420 for ; Tue, 5 Feb 2002 06:34:48 -0800 (PST) Received: from elixor (ti500720a080-0536.bb.online.no [146.172.50.24]) by mail48.fg.online.no (8.9.3/8.9.3) with SMTP id PAA29081; Tue, 5 Feb 2002 15:34:41 +0100 (MET) Message-ID: <004401c1ae52$3c3d5bd0$0100a8c0@elixor> From: =?iso-8859-1?Q?Geir_R=E5ness?= To: "Kerberus" Cc: References: <20020204152325.GA64082@fbi.gov><001401c1ad9a$7be6d9e0$0100a8c0@elixor> <3C5F0E7B.4020508@rambo.simx.org> <003501c1ae47$dd96e790$0100a8c0@elixor> <1012920704.24834.17.camel@vpan.netwolves.com> Subject: Re: Reliable shell logs Date: Tue, 5 Feb 2002 15:34:31 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Yes it is, thanks for it. I have seen the shell patches before but not the bash secure patch.. :) Best Regards Geir Råness PulZ @ efnet ----- Original Message ----- From: "Kerberus" To: "Geir Råness" Sent: Tuesday, February 05, 2002 3:51 PM Subject: Re: Reliable shell logs Hrmmm looks like the file i sent over!! : )) On Tue, 2002-02-05 at 08:20, Geir Råness wrote: > Yeah, i have put them up at www.pulz.no/files/freebsd/Logging > Read the readme files in them, and you probaly would find the url to the > folx who made the patches... > > You can infact remove an users right to change his shell, this you could do > by limiting the users access to chsh and so on, you could set it to wheel > group only. > Or you could remove the shell from the /etc/shells (i think). > > Best Regards > > Geir Råness > PulZ @ efnet > > ----- Original Message ----- > From: "Roger 'Rocky' Vetterberg" > To: "Geir Råness" > Cc: ; > Sent: Monday, February 04, 2002 11:43 PM > Subject: Re: Reliable shell logs > > > > Geir Råness wrote: > > > > > You always could set your users to the shell bash, that is patched with > the > > > "bofh" logging. > > > That's one way you could secure log your users, but it could be found. > > > It all depends on the intruder. > > > > > > Do you know where I could find this patch? > > I tried google.com/bsd and found a bounch of sh patches, but > > none for bash. > > And what stops the user from changing his shell? 'chsh' > > would let him change shell to csh, tcsh or whatever is > > available on the system, right? How can I prevent this? > > > > > This you can do something about however, you can have an locale log > server, > > > that the "shell" server sends the log to, > > > with upload access only. > > > So the intruder cant delete the logs, you probaly shuld make this server > an > > > local login only. > > > > > > Geir Råness > > > PulZ @ efnet > > > > > > -- > > R > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message