Date: Tue, 25 Feb 1997 06:33:48 +0800 (WST)
From: Adrian Chadd <adrian@cougar.aceonline.com.au>
To: auditors@freebsd.org
Cc: hackers@freebsd.org
Subject: Re: disallow setuid root shells?
Message-ID: <Pine.LNX.3.93.970225063103.10014B-100000@cougar.aceonline.com.au>
In-Reply-To: <3.0.32.19970224223639.00b243d0@dimaga.com>

On Mon, 24 Feb 1997, Eivind Eklund wrote:

> I actually think logging could be much more effective than just exiting -
> with logging (especially remote logging) you'd actually have a trace of how
> the intruder got in, and standard exploits would probably still use /bin/sh
> to give a root shell (they're usually made to demonstrate a point, not to
> create good intruder tools). Any luser that uses a standard exploit will
> end up in the log file on another host *grin*.
>

Heheh.. yep.

> I'd really like it to log the remote address for the session if available -
> nice to have for a later manhunt...
>

Use syslog() ? Since it supports the remote logging, there isn't much point
in using anything else.

Adrian Chadd
<adrian@psinet.net.au>
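
The check discussed in this thread, as an added example that is not code from the thread or from FreeBSD's sh: a shell startup hook that detects a setuid-root invocation and reports it through syslog(), including the remote address when one is available. Reading the address from `SSH_CONNECTION` and all function names are assumptions made here; forwarding to another host is left to syslogd configuration (for example an `auth.alert @loghost` line, with `loghost` a placeholder).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <sys/types.h>
#include <unistd.h>

/* Root privilege the caller did not start with means the shell binary
 * (or a copy of it) was executed through a setuid-root file. */
static int is_setuid_root(uid_t ruid, uid_t euid)
{
    return euid == 0 && ruid != 0;
}

/* Assumption: the session address comes from an SSH_CONNECTION-style string
 * ("client_ip client_port server_ip server_port"). The environment is
 * caller-controlled, so only address characters are copied (no log
 * injection) and the value is a hint for the investigator, not proof. */
static const char *remote_addr(const char *conn, char *out, size_t outlen)
{
    size_t n = conn ? strspn(conn, "0123456789abcdefABCDEF.:") : 0;
    if (n == 0 || n >= outlen)
        return "unknown";
    memcpy(out, conn, n);
    out[n] = '\0';
    return out;
}

/* Build the audit line separately from sending it, so it can be checked. */
static int format_audit(char *buf, size_t len, uid_t ruid,
                        const char *tty, const char *conn)
{
    char addr[64];
    return snprintf(buf, len, "setuid root shell: ruid=%lu tty=%s remote=%s",
                    (unsigned long)ruid, tty ? tty : "none",
                    remote_addr(conn, addr, sizeof addr));
}

/* Hypothetical hook, called first thing in the shell's main().
 * Returns 1 if an alert was logged; the caller decides whether to exit. */
static int audit_setuid_shell(void)
{
    char msg[256];
    if (!is_setuid_root(getuid(), geteuid()))
        return 0;
    format_audit(msg, sizeof msg, getuid(), ttyname(STDIN_FILENO),
                 getenv("SSH_CONNECTION"));
    openlog("sh", LOG_PID, LOG_AUTH);
    syslog(LOG_ALERT, "%s", msg);   /* constant format string; msg is data */
    closelog();
    return 1;
}

int main(void) { return audit_setuid_shell(); }
```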