From owner-freebsd-questions Tue Jan 7 08:44:16 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id IAA29021 for questions-outgoing; Tue, 7 Jan 1997 08:44:16 -0800 (PST) Received: from xmission.xmission.com (softweyr@xmission.xmission.com [198.60.22.2]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id IAA29016 for ; Tue, 7 Jan 1997 08:44:14 -0800 (PST) Received: (from softweyr@localhost) by xmission.xmission.com (8.8.4/8.7.5) id JAA12239; Tue, 7 Jan 1997 09:41:56 -0700 (MST) From: Softweyr LLC Message-Id: <199701071641.JAA12239@xmission.xmission.com> Subject: Re: new bash of mine To: veraldi@CS.UniBO.IT (Riccardo Veraldi) Date: Tue, 7 Jan 1997 09:41:54 -0700 (MST) Cc: questions@freebsd.org Reply-To: security@freebsd.org In-Reply-To: from "Riccardo Veraldi" at Jan 7, 97 04:16:52 pm X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Riccardo Veraldi recently stated: > I have modifyed a GNU Bourne Again Shell version 1.14.7 > this shell now intercepts every command line of the user > and writes it in a database file together with the name of the user > and the time when the user did the certain command line using the shell. > The shell also does not allow to the user to delete or look inside > the database unless the user is root. > IF a user try to look in the database or to corrupt it the shell send > a mail to root about the user behaviour. > I have also modifyed the makefile to be suitable for the freeBSD UN*X > environment. > Could this shell be interesting for admin porpouse ? > I mean could this be interesting as FreeBSD tool for administrators > who do not trust so much in their users ? Certainly. An ISP looking to record the actions of their users, for instance, might be *very* interested in this, if implemented in a secure manner. Where do the database files end up? How are they written in a manner that the user cannot access them, even though the log entries are coming from him? > Who I have to ask for if my program is interesting? I would be interested in looking at your changes. Can you make a set of context diffs so I can patch a source tree? We should probably take the rest of this discussion over to the security mail list; I've directed replies there. If you don't subscribe to that list already, you should. It is a relatively low-volume list, with not much chattering. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC http://www.xmission.com/~softweyr softweyr@xmission.com