Date: Mon, 4 Feb 2002 17:03:08 GMT
From: Ceri Storey <cez@pkl.net>
To: Petko Popadiyski <petko@freebsd-bg.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Reliable shell logs
Message-ID: <200202041703.RAA13046@pkl.net>
In-Reply-To: <20020204152325.GA64082@fbi.gov>
References: <20020204152325.GA64082@fbi.gov>

On Mon, Feb 04, 2002 at 05:23:25PM +0200, Petko Popadiyski wrote:
> I don't think that .history file is reliable. In my case the shell

You'd be right there.

> in it only "rm .history". I would like to know is there a way to
> log the used commands incrementally with syslogd, which will provide
> secure logging (if syslogd uses another computer for storing them).

Yes, there's a wonderful thing known as process accounting, which will
record every command executed. Although I'm unsure whether it's possible
to log command line arguments.

> Also I would like to ask how to make a user .history file inaccessible
> for his owner (to prevent it from deleting)?

Use "chflags sappend <file>"; this will set the "system append only
flag", i.e. you may only append to the file, and it's only
set/unsettable by root.

In any case, there's nothing stopping a user from running his own shell
(unless you've taken somewhat fascist measures to prevent this, e.g.
mounting user-writable filesystems no-execute) which does not log
commands issued.

-- 
Ceri Storey <cez@pkl.net>
http://pkl.net/~cez/
vi(1)! postfix(7)! pie(5)!