Date: Thu, 1 Jul 1999 15:04:11 -0400 (EDT) From: Master Of Spirits <ethereal@phoenix.unacom.com> To: freebsd-security@FreeBSD.ORG Subject: Tracking Root Users Message-ID: <Pine.BSF.4.10.9907011457520.38657-100000@phoenix.unacom.com>
next in thread | raw e-mail | index | archive | help
I have found that the simplest way (which I use myself) it a few modifictions to the shells themself, and to syslog.conf. For the purposes of tracking commands used by uid 0, the shells script waits for su to send a confirmed su signal and then logs to a log file and continues to log all commands sent through the shell untill su sends a termination signal. This bypasses syslog entirely save for the notification of a failed or successful SU attempts. Minor adustments could also pipe this feedback to a printer or external device, thus removing the possibility of hackers editing the logs themselves. -= UNACOM System Admin =- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9907011457520.38657-100000>