From owner-freebsd-security  Fri Aug 28 16:58:25 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA12460
          for freebsd-security-outgoing; Fri, 28 Aug 1998 16:58:25 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from cheops.anu.edu.au (cheops.anu.edu.au [150.203.224.24])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA12438
          for <security@FreeBSD.ORG>; Fri, 28 Aug 1998 16:58:18 -0700 (PDT)
          (envelope-from avalon@coombs.anu.edu.au)
Message-Id: <199808282358.QAA12438@hub.freebsd.org>
Received: by cheops.anu.edu.au
	(1.37.109.16/16.2) id AA216148587; Sat, 29 Aug 1998 09:56:27 +1000
From: Darren Reed <avalon@coombs.anu.edu.au>
Subject: Re: Shell history (Was: Re: post breakin log)
To: kelly@plutotech.com (Sean Kelly)
Date: Sat, 29 Aug 1998 09:56:27 +1000 (EST)
Cc: clash@tasam.com, jkb@best.com, security@FreeBSD.ORG
In-Reply-To: <35E6C761.BF4CEAA2@plutotech.com> from "Sean Kelly" at Aug 28, 98 09:06:09 am
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In some mail from Sean Kelly, sie said:
> 
> > I don't know that much kernel stuff, but what if you hacked the kernel so
> > that whatever syscall opens/forks a new process will log the process name
> > and parameters?
> 
> Set
> 
> 	accounting_enable="YES"
> 
> in /etc/rc.conf.

doesn't record command line options and truncates the executables name at
8 bytes.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message