Date: Wed, 07 Jan 2004 20:15:16 -0800
From: richard childers / kg6hac <fscked@pacbell.net>
To: freebsd-security@freebsd.org
Subject: Re: keystroke logging
Message-ID: <3FFCD954.4090106@pacbell.net>
In-Reply-To: <20040107200059.0D9DF16A4D9@hub.freebsd.org>
References: <20040107200059.0D9DF16A4D9@hub.freebsd.org>

>What do you recommend for keeping track of user
>activities? For preserving bash histories I followed
>these recommendations:
>
>http://www.defcon1.org/secure-command.html
>

Interesting reading but, as others have noted, of limited use.

Keystroke logging can be disabled by - as others have noted - either spawning another (perhaps different) shell, using a remote shell ... or, for those embarrassing 'oops' moments, `kill -9 $$` works nicely. Try it and see.

Daemonized Networking Services has produced a standalone server configuration that uses a modified script(1) and .login to collect keystroke logs; the target users are consultants, or companies, who administer highly secure networking equipment via serial links or command-line interfaces, and whose own business files, or customers - banks, say, or government agencies - require logs of what they did - for purposes of auditing, disaster recovery, and liability-related issues.

This method captures every keystroke - including typos before hitting RETURN - and cannot be sabotaged. As an added advantage, the logs can be immediately, or subsequently, forwarded via electronic mail, so that they are replicated in multiple places.

We also have a network server configuration that incorporates everything described above, as well as an encrypted filesystem; although the encrypted filesystem is optional, and there are some unresolved issues related to backing up the contents - as well as recovering them - your entire home directory, including your personal startup files, is incorporated into the encrypted filesystem.

Pretty cool; add a GUI, maybe an office suite, and we think we can give Windows 2000 a run for their money - in some quarters, at least. (Angel VCs are welcome; development isn't cheap, here in the Bay Area.)

I mention this as a shameless plug for our products, which are based on FreeBSD, as well as pursuant to the topic at hand; incidentally, freely dispensing intellectual property that took years to acquire, in exchange. (Gotta stop that.)

(You folks all signed NDAs, right?) (-;

Regards,

-- richard

--
Richard Childers / Senior Engineer
Daemonized Networking Services
945 Taraval Street, #105
San Francisco, CA 94116 USA
[011.]1.415.759.5571
https://www.daemonized.com