Date: Mon, 4 Feb 2002 17:23:25 +0200
From: Petko Popadiyski <petko@freebsd-bg.org>
To: freebsd-security@freebsd.org
Subject: Reliable shell logs
Message-ID: <20020204152325.GA64082@fbi.gov>

Recently one of my systems was hacked. I succeeded in stopping the hacker from deleting files, so my logs from the syslogd weren't touched. The problem is that I don't know what commands the hacker used while he was logged in to my system. I am using zshell 4.0.4, but I don't think that the .history file is reliable. In my case the shell was killed and it didn't manage to write the logs from the login in the file. There are options like INC_APPEND_HISTORY, where the new history lines are added as soon as they are entered, but in this case the intruder can delete the history file, and I will see in it only "rm .history". I would like to know whether there is a way to log the used commands incrementally with syslogd, which will provide secure logging (if syslogd uses another computer for storing them).

Also, I would like to ask how to make a user's .history file inaccessible to its owner (to prevent it from being deleted)?

--
Best wishes,
Petko Popadiyski
ICQ: 59468934