Date: Mon, 4 Feb 2002 17:23:25 +0200
From: Petko Popadiyski <petko@freebsd-bg.org>
To: freebsd-security@freebsd.org
Subject: Reliable shell logs
Message-ID: <20020204152325.GA64082@fbi.gov>

Recently one of my systems was hacked. I succeeded in stopping the hacker from deleting files, so my logs from syslogd weren't touched. The problem is that I don't know what commands the hacker used while he was logged in to my system. I am using zshell 4.0.4, but I don't think that the .history file is reliable. In my case the shell was killed and it didn't manage to write the logs from the login to the file. There are options like INC_APPEND_HISTORY, where the new history lines are added as soon as they are entered, but in this case the intruder can delete the history file, and I will see in it only "rm .history".

I would like to know whether there is a way to log the used commands incrementally with syslogd, which will provide secure logging (if syslogd uses another computer for storing them). Also I would like to ask how to make a user's .history file inaccessible to its owner (to prevent it from being deleted)?

--
Best wishes,
Petko Popadiyski
ICQ: 59468934
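
One way to get the incremental syslog logging the message asks about, as an added example that is not part of the original e-mail: a zsh `preexec` hook that sends each command line to syslogd through `logger(1)` before the command runs. The tag, priority and log host are assumptions, and a user who controls the shell can unset the hook, so this complements rather than replaces system-level auditing.

```shell
# Added example (not from the original message). Source it from /etc/zshenv
# or a similar system-wide startup file. CMDLOG_* names and values are assumed.
CMDLOG_TAG="shellcmd"        # assumed syslog tag
CMDLOG_PRI="auth.notice"     # assumed facility.level

# Build one single-line record. Newlines, tabs and other control characters
# are flattened or removed so a typed command cannot forge extra log lines.
cmdlog_format() {
    _user=${USER:-$(id -un)}
    _tty=$(tty 2>/dev/null) || _tty="notty"
    _cmd=$(printf '%s' "$1" | tr '\n\r\t' '   ' | tr -d '\000-\037\177' | cut -c1-900)
    printf 'user=%s tty=%s pwd=%s cmd=%s' "$_user" "$_tty" "$PWD" "$_cmd"
}

# Hand the record to the local syslogd via logger(1).
cmdlog_send() {
    logger -p "$CMDLOG_PRI" -t "$CMDLOG_TAG" "$(cmdlog_format "$1")"
}

# zsh calls preexec with the command line just before executing it, so the
# record leaves the shell before the command (including "rm .history") runs.
if [ -n "${ZSH_VERSION:-}" ]; then
    preexec() { cmdlog_send "$1"; }
fi

# /etc/syslog.conf line to forward these records to another machine
# (loghost.example.org is a placeholder):
#   auth.notice    @loghost.example.org
```

For the second question, on FreeBSD root can set the system append-only flag on the history file with `chflags sappnd`, which stops its owner from removing or truncating it.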
