From owner-freebsd-security Fri Aug 28 11:36:10 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA28477 for freebsd-security-outgoing; Fri, 28 Aug 1998 11:36:10 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from thing.dyn.ml.org (dyn1-tnt13-82.detroit.mi.ameritech.net [199.179.188.82]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA28470 for ; Fri, 28 Aug 1998 11:36:07 -0700 (PDT) (envelope-from mcdougall@ameritech.net) Received: from ameritech.net (bsdx [192.168.1.2]) by thing.dyn.ml.org (8.8.8/8.8.7) with ESMTP id OAA03423 for ; Fri, 28 Aug 1998 14:35:05 -0400 (EDT) (envelope-from mcdougall@ameritech.net) Message-ID: <35E6F857.1E8A4101@ameritech.net> Date: Fri, 28 Aug 1998 14:35:03 -0400 From: Adam McDougall X-Mailer: Mozilla 4.06 [en] (X11; I; FreeBSD 3.0-CURRENT i386) MIME-Version: 1.0 To: security@FreeBSD.ORG Subject: Re: Shell history (Was: Re: post breakin log) References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Jan B. Koum wrote: > > What if the user would be to switch shell or to install their own? > > I do not think one should depend on shell history to log all what > user does. Best way to implement something like watch(8) to check > the ttys you want or to automatically start when someone attaches > to a tty. Again, this is also flawed.. what if someone simply If you are that interested about what a particular user is doing on your system, should they even have an account? :) You could plop a script(1) command in their .cshrc or maybe in the system cshrc, etc if user=soandso SCRIPT(1) FreeBSD General Commands Manual SCRIPT(1) NAME script - make typescript of terminal session To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message