From owner-freebsd-security  Fri Aug 28 00:56:25 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id AAA12963
          for freebsd-security-outgoing; Fri, 28 Aug 1998 00:56:25 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns0.fast.net.uk (ns0.fast.net.uk [194.207.104.1])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA12957
          for <security@freebsd.org>; Fri, 28 Aug 1998 00:56:20 -0700 (PDT)
          (envelope-from netadmin@fastnet.co.uk)
Received: from na.nu.na.nu (bofh.fast.net.uk [194.207.104.22])
	by ns0.fast.net.uk (8.9.0/8.8.7) with ESMTP id IAA12171
	for <security@freebsd.org>; Fri, 28 Aug 1998 08:55:25 +0100 (BST)
Received: from na.nu.na.nu (bofh.fast.net.uk [194.207.104.22])
	by na.nu.na.nu (8.8.8/8.8.8) with SMTP id IAA13224
	for <security@freebsd.org>; Fri, 28 Aug 1998 08:55:24 +0100 (BST)
	(envelope-from netadmin@fastnet.co.uk)
Date: Fri, 28 Aug 1998 08:55:24 +0100 (BST)
From: Jay Tribick <netadmin@fastnet.co.uk>
X-Sender: netadmin@na.nu.na.nu
To: security@FreeBSD.ORG
Subject: Re: Shell history
In-Reply-To: <199808280543.WAA06398@burka.rdy.com>
Message-ID: <Pine.BSF.3.96.980828085425.13172C-100000@na.nu.na.nu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


| > > 	What if the user would be to switch shell or to install their own?
| > > 	I do not think one should depend on shell history to log all what
| > > 	user does. How would YOU monitor what your users are
| > > 	doing if you had to?
| > 
| > 	accton(8), lastcomm(1)
| 
| It won't tell you much. Not in its' current state. It would be a good idea
| to extend acct to log everything, including program switches and (possibly)
| some stuff from the enviroment. Also it would be a good idea to be able
| to log information on per-user basis.

Could we not modify the [kernel] to log all activity on the ttyp's to 
a file?

Regards,

Jay Tribick
--
[| Network Administrator | FastNet International | http://fast.net.uk/ |]
[|        Finger netadmin@fastnet.co.uk for contact information        |]
[| T: +44 (0)1273 677633 F: +44 (0)1273 621631 e: netadmin@fast.net.uk |]



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message