From: Darren Reed
Subject: Re: Shell history
To: netadmin@fastnet.co.uk (Jay Tribick)
Date: Fri, 28 Aug 1998 20:22:39 +1000 (EST)
Cc: security@FreeBSD.ORG

In some mail from Jay Tribick, sie said:
>
>
> | > > What if the user would be to switch shell or to install their own?
> | > > I do not think one should depend on shell history to log all what
> | > > user does. How would YOU monitor what your users are
> | > > doing if you had to?
> | >
> | > accton(8), lastcomm(1)
> |
> | It won't tell you much. Not in its current state. It would be a good idea
> | to extend acct to log everything, including program switches and (possibly)
> | some stuff from the environment. Also it would be a good idea to be able
> | to log information on per-user basis.
>
> Could we not modify the [kernel] to log all activity on the ttyp's to
> a file?

If Julian Assange is around, I think he did something like that for Linux
which may be portable to Unix.

Darren