From owner-freebsd-questions  Tue Jan  7 08:13:39 1997
Return-Path: <owner-questions>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id IAA27606
          for questions-outgoing; Tue, 7 Jan 1997 08:13:39 -0800 (PST)
Received: from smtest.usit.net (smtest.usit.net [199.1.48.16])
          by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id IAA27601
          for <questions@FreeBSD.ORG>; Tue, 7 Jan 1997 08:13:36 -0800 (PST)
Received: from abyss ([206.29.54.176]) by smtest.usit.net (8.7.5/8.6.12) with SMTP id LAA21013; Tue, 7 Jan 1997 11:21:06 -0500 (EST)
Message-ID: <32D278BD.48F3@usit.net>
Date: Tue, 07 Jan 1997 11:24:29 -0500
From: Troy Settle <pitlord@usit.net>
Reply-To: pitlord@usit.net
X-Mailer: Mozilla 3.01 (WinNT; I)
MIME-Version: 1.0
To: Riccardo Veraldi <veraldi@CS.UniBO.IT>
CC: questions@FreeBSD.ORG
Subject: Re: new bash of mine
References: <Pine.SUN.3.91.970107161616.12719A-100000@flora>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Riccardo Veraldi wrote:
> 
> I have modifyed a GNU Bourne Again Shell
> version 1.14.7
> this shell now intercepts every command line of the user
> and writes it in a database file together with the name of the user
> and the time when the user did the certain command line using the shell.
> The shell also does not allow to the user to delete or look inside
> the database unless the user is root.
> IF a user try to look in the database or to corrupt it the shell send
> a mail to root about the user behaviour.
> I have also modifyed the makefile to be suitable for the freeBSD UN*X
> environment.


...big brother is watching...

bash$ exec tcsh  # Let me free!!!
% cat /dev/null > /path/to/file/containing/user/activities

...screw big brother...

Actually, I think it's an interesting idea... and could be silently
used to catch unaware crackers.  for the most part though, I think
you'd end up with a file full of junk that would be a serious pain
to sort through.

This type of thing could be useful for internal attacks, but hopefully,
we're all carefull about who we give shell access to.

> Could this shell be interesting for admin porpouse ?
> I mean could this be interesting as FreeBSD tool for administrators
> who do not trust so much in their users ?
> 
> Who I have to ask for if my program is interesting?
> 
> thanks
> 
> Riccardo Veraldi

-- 
.signature files suck a big one
http://www.public.usit.net/pitlord