From owner-freebsd-security  Fri Aug 28 01:15:56 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id BAA15517
          for freebsd-security-outgoing; Fri, 28 Aug 1998 01:15:56 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from burka.rdy.com (burka.rdy.com [205.149.163.30])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA15512
          for <security@FreeBSD.ORG>; Fri, 28 Aug 1998 01:15:53 -0700 (PDT)
          (envelope-from dima@burka.rdy.com)
Received: (from dima@localhost)
	by burka.rdy.com (8.8.8/RDY&DVV) id BAA07281;
	Fri, 28 Aug 1998 01:14:53 -0700 (PDT)
Message-Id: <199808280814.BAA07281@burka.rdy.com>
Subject: Re: Shell history
In-Reply-To: <Pine.BSF.3.96.980828085425.13172C-100000@na.nu.na.nu> from Jay Tribick at "Aug 28, 1998  8:55:24 am"
To: netadmin@fastnet.co.uk (Jay Tribick)
Date: Fri, 28 Aug 1998 01:14:53 -0700 (PDT)
Cc: security@FreeBSD.ORG
X-Class: Fast
Organization: HackerDome
Reply-To: dima@best.net
From: dima@best.net (Dima Ruban)
X-Mailer: ELM [version 2.4ME+ PL45 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Jay Tribick writes:
> 
> | > > 	What if the user would be to switch shell or to install their own?
> | > > 	I do not think one should depend on shell history to log all what
> | > > 	user does. How would YOU monitor what your users are
> | > > 	doing if you had to?
> | > 
> | > 	accton(8), lastcomm(1)
> | 
> | It won't tell you much. Not in its' current state. It would be a good idea
> | to extend acct to log everything, including program switches and (possibly)
> | some stuff from the enviroment. Also it would be a good idea to be able
> | to log information on per-user basis.
> 
> Could we not modify the [kernel] to log all activity on the ttyp's to 
> a file?

Yeah. You'll need to modify telnetd/rlogind/sshd/etc to do it.

> 
> Regards,
> 
> Jay Tribick
> --
> [| Network Administrator | FastNet International | http://fast.net.uk/ |]
> [|        Finger netadmin@fastnet.co.uk for contact information        |]
> [| T: +44 (0)1273 677633 F: +44 (0)1273 621631 e: netadmin@fast.net.uk |]
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 

-- dima

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message