Date: Tue, 5 Feb 2002 08:47:15 -0600 (CST)
From: admin
To: "Roger 'Rocky' Vetterberg"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Reliable shell logs
In-Reply-To: <3C5F0E7B.4020508@rambo.simx.org>

bofh bash and tcsh are at http://www.ccitt5.net/new/

- emacs

On Mon, 4 Feb 2002, Roger 'Rocky' Vetterberg wrote:

> Geir Råness wrote:
>
> > You always could set your users to the shell bash, that is patched with the
> > "bofh" logging.
> > That's one way you could securely log your users, but it could be found.
> > It all depends on the intruder.
>
> Do you know where I could find this patch?
> I tried google.com/bsd and found a bunch of sh patches, but
> none for bash.
> And what stops the user from changing his shell? 'chsh'
> would let him change shell to csh, tcsh or whatever is
> available on the system, right? How can I prevent this?
>
> > This you can do something about however, you can have a local log server,
> > that the "shell" server sends the log to,
> > with upload access only.
> > So the intruder can't delete the logs, you probably should make this server a
> > local login only.
> >
> > Geir Råness
> > PulZ @ efnet
>
> --
> R
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message