Date: Tue, 5 Feb 2002 08:47:15 -0600 (CST)
From: admin <admin@crimelords.org>
To: "Roger 'Rocky' Vetterberg" <listsub@rambo.simx.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Reliable shell logs
Message-ID: <Pine.BSF.4.44.0202050845520.16162-100000@crimelords.org>
In-Reply-To: <3C5F0E7B.4020508@rambo.simx.org>
bofh bash and tcsh are at http://www.ccitt5.net/new/ - emacs

On Mon, 4 Feb 2002, Roger 'Rocky' Vetterberg wrote:

> Geir Råness wrote:
>
> > You always could set your users to the shell bash, that is patched with the
> > "bofh" logging.
> > That's one way you could secure log your users, but it could be found.
> > It all depends on the intruder.
>
>
> Do you know where I could find this patch?
> I tried google.com/bsd and found a bunch of sh patches, but
> none for bash.
> And what stops the user from changing his shell? 'chsh'
> would let him change shell to csh, tcsh or whatever is
> available on the system, right? How can I prevent this?
>
> > This you can do something about however, you can have a local log server,
> > that the "shell" server sends the log to,
> > with upload access only.
> > So the intruder can't delete the logs, you probably should make this server a
> > local login only.
> >
> > Geir Råness
> > PulZ @ efnet
>
>
> --
> R
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message