Date: Thu, 1 Jul 1999 22:29:19 +1000 (EST)
From: Nicholas Brawn <ncb@zip.com.au>
To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: how to keep track of root users?
Message-ID: <Pine.LNX.4.05.9907012223390.5912-100000@zipper.zip.com.au>
In-Reply-To: <199906302058.NAA00679@passer.osg.gov.bc.ca>

On Wed, 30 Jun 1999, Cy Schubert wrote:

> Finally, process accounting can provide a limited logging
> capability.

It appears that the process accounting in FreeBSD is a remnant of a bygone
era, where all cpu time was costly and had to be accounted for. From a
security perspective, process accounting would need to:

- log uid, gid, and euid of the user calling the process.
- log the process name, executable name, and path to the executable.
- log arguments to the process being executed.
- log date and amount of time the process took to complete.
- log the tty the user who called the process executed it from.

That being said, who wants to write it? ;)

Nick

>
> Of course all of the above logging can be defeated by anyone with
> root wishing to hide their tracks.
>
>
> Regards,                       Phone:  (250)387-8437
> Cy Schubert                      Fax:  (250)387-5766
> Open Systems Group          Internet:  Cy.Schubert@uumail.gov.bc.ca
> ITSD                                   Cy.Schubert@gems8.gov.bc.ca
> Province of BC
>                       "e**(i*pi)+1=0"
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
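
Added example, not part of the original message and not FreeBSD code: a sketch of how records carrying the fields listed above could be reviewed to track root activity. The JSON-lines record format, its field names, and the sample records are all assumptions constructed for illustration.

```python
import json
from collections import namedtuple

Finding = namedtuple("Finding", "real_uid tty path reason")

# Constructed sample records, one per executed process. The field names are
# hypothetical; they mirror the wish list in the message (uid/gid/euid,
# process name vs. executable path, arguments, start/elapsed time, tty).
SAMPLE = """\
{"uid":1001,"gid":1001,"euid":1001,"comm":"ls","path":"/bin/ls","argv":["ls","-l"],"start":"1999-07-01T22:01:10","elapsed":0.02,"tty":"ttyp0"}
{"uid":1001,"gid":1001,"euid":0,"comm":"su","path":"/usr/bin/su","argv":["su","-"],"start":"1999-07-01T22:02:00","elapsed":310.5,"tty":"ttyp0"}
{"uid":0,"gid":0,"euid":0,"comm":"sendmail","path":"/tmp/.x/sh","argv":["sendmail","-bd"],"start":"1999-07-01T22:03:30","elapsed":12.0,"tty":"ttyp0"}
{"uid":0,"gid":0,"euid":0,"comm":"cron","path":"/usr/sbin/cron","argv":["cron"],"start":"1999-07-01T22:04:00","elapsed":0.5,"tty":null}
"""

def review(lines):
    """Return findings that need both the real/effective uid and the path."""
    findings = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        # Real uid differs from euid 0: this is who actually became root,
        # which a record holding a single uid cannot tell you.
        if rec["euid"] == 0 and rec["uid"] != 0:
            findings.append(Finding(rec["uid"], rec["tty"], rec["path"],
                                    "non-root user ran with euid 0"))
        # Process name differs from the executable's basename: visible only
        # when the name and the path are logged separately.
        basename = rec["path"].rsplit("/", 1)[-1]
        if rec["comm"] != basename:
            findings.append(Finding(rec["uid"], rec["tty"], rec["path"],
                                    "process name differs from executable"))
    return findings

if __name__ == "__main__":
    for f in review(SAMPLE):
        print(f"uid={f.real_uid} tty={f.tty} {f.path}: {f.reason}")
```
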