From owner-freebsd-security Wed Jun 30 13:58:42 1999
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44])
	by hub.freebsd.org (Postfix) with ESMTP id 9FE2314F68
	for ; Wed, 30 Jun 1999 13:58:36 -0700 (PDT)
	(envelope-from Cy.Schubert@uumail.gov.bc.ca)
Received: (from daemon@localhost)
	by point.osg.gov.bc.ca (8.8.7/8.8.8) id NAA16412;
	Wed, 30 Jun 1999 13:58:28 -0700
Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP
	by point.osg.gov.bc.ca, id smtpda16410; Wed Jun 30 13:58:17 1999
Received: (from uucp@localhost)
	by passer.osg.gov.bc.ca (8.9.3/8.9.1) id NAA00679;
	Wed, 30 Jun 1999 13:58:15 -0700 (PDT)
Message-Id: <199906302058.NAA00679@passer.osg.gov.bc.ca>
Received: from localhost.osg.gov.bc.ca(127.0.0.1), claiming to be "passer.osg.gov.bc.ca"
	via SMTP by localhost.osg.gov.bc.ca, id smtpdyjL675; Wed Jun 30 13:58:13 1999
X-Mailer: exmh version 2.0.2 2/24/98
Reply-To: Cy Schubert - ITSD Open Systems Group
X-OS: FreeBSD 3.1-RELEASE
X-Sender: cschuber
To: Evren Yurtesen
Cc: "Jackson, Douglas H" , freebsd-security@FreeBSD.ORG
Subject: Re: how to keep track of root users?
In-reply-to: Your message of "Wed, 30 Jun 1999 22:27:34 +0300."
	<377A6FA6.2967F7E1@ispro.net.tr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 30 Jun 1999 13:58:12 -0700
From: Cy Schubert
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <377A6FA6.2967F7E1@ispro.net.tr>, Evren Yurtesen writes:
> what is su2?
> in our system there are multiple people who are logging in as root and
> I want to keep track of what they are doing when they are root,
> how can I do that?

Sudo is another alternative.

Symark markets a product similar to sudo and su2 that will even perform
keystroke logging. Currently they support various platforms, including
Linux (we can run the Linux binary). They've told me that if there is
enough interest they can recompile the product for other platforms not
currently supported.

You could use a combination of sudo/su2 with script(1) to perform
keystroke logging or create a hacked shell that logs commands and return
codes to syslog.

Finally, process accounting can provide a limited logging capability.

Of course all of the above logging can be defeated by anyone with root
wishing to hide their tracks.

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Open Systems Group          Internet:  Cy.Schubert@uumail.gov.bc.ca
ITSD                                   Cy.Schubert@gems8.gov.bc.ca
Province of BC
                      "e**(i*pi)+1=0"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
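
Added example, not part of Cy Schubert's message: one way to get the "commands and return codes to syslog" logging the message mentions without patching a shell, using bash's PROMPT_COMMAND and logger(1). The function names, the "rootaudit" tag and the auth.notice priority are assumptions chosen for illustration.

```shell
# Sketch for root's ~/.bashrc (added example; names and tag are hypothetical).
# Logs every interactive command and its exit status to syslog.
# As the message notes, anyone with root can disable this; it records
# routine administration, not someone determined to hide their tracks.

# Build one audit record: $1 = exit status, $2 = command text.
# Control characters are replaced with spaces so that a multi-line command
# cannot forge additional log records.
audit_format() {
    _who=${SUDO_USER:-${LOGNAME:-unknown}}      # who became root, if known
    _tty=$(tty 2>/dev/null) || _tty=notty
    _cmd=$(printf '%s' "$2" | tr '\001-\037\177' ' ')
    printf 'user=%s tty=%s pwd=%s rc=%s cmd=%s' \
        "$_who" "$_tty" "$PWD" "$1" "$_cmd"
}

# Runs before each prompt: picks up the command that just finished.
audit_prompt() {
    _rc=$?                                      # status of the last command
    _raw=$(HISTTIMEFORMAT='' history 1)         # "  42  some command"
    # Same history entry as last time means the user just pressed Enter.
    [ "$_raw" = "$AUDIT_PREV" ] && return "$_rc"
    AUDIT_PREV=$_raw
    _last=$(printf '%s' "$_raw" | sed 's/^ *[0-9]*[* ]*//')
    logger -p auth.notice -t rootaudit "$(audit_format "$_rc" "$_last")"
    return "$_rc"
}

# Enable only in interactive bash sessions.
case $- in
*i*)
    if [ -n "$BASH_VERSION" ]; then
        HISTCONTROL=                            # record repeated commands too
        PROMPT_COMMAND=audit_prompt
        readonly PROMPT_COMMAND
    fi
    ;;
esac
```

Forwarding the auth facility to a separate log host keeps a copy of these records outside the machine being administered.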