From owner-freebsd-security Mon Feb 4 8:39:52 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mail50.fg.online.no (mail50-s.fg.online.no [148.122.161.50])
    by hub.freebsd.org (Postfix) with ESMTP id 94B0237B41F
    for ; Mon, 4 Feb 2002 08:39:48 -0800 (PST)
Received: from elixor (ti500720a080-0536.bb.online.no [146.172.50.24])
    by mail50.fg.online.no (8.9.3/8.9.3) with SMTP id RAA03025;
    Mon, 4 Feb 2002 17:39:19 +0100 (MET)
Message-ID: <001401c1ad9a$7be6d9e0$0100a8c0@elixor>
From: =?iso-8859-1?Q?Geir_R=E5ness?=
To:
Cc:
References: <20020204152325.GA64082@fbi.gov>
Subject: Re: Reliable shell logs
Date: Mon, 4 Feb 2002 17:39:09 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

You could always set your users' shell to bash, patched with the "bofh"
logging. That's one way you could securely log your users, but it could be
found. It all depends on the intruder.

This you can do something about, however: you can have a local log server
that the "shell" server sends the logs to, with upload access only, so the
intruder can't delete the logs. You should probably make this server
local-login only.

Geir Råness
PulZ @ efnet

----- Original Message -----
From: "Petko Popadiyski"
To:
Sent: Monday, February 04, 2002 4:23 PM
Subject: Reliable shell logs

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message