From owner-freebsd-security Wed Dec 20 21:56: 5 2000 From owner-freebsd-security@FreeBSD.ORG Wed Dec 20 21:56:04 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from srv1.ialien.co.za (srv1.ialien.co.za [196.14.132.45]) by hub.freebsd.org (Postfix) with ESMTP id C451737B402 for ; Wed, 20 Dec 2000 21:56:00 -0800 (PST) Received: from [192.168.2.50] (helo=bob) by srv1.ialien.co.za with smtp (Exim 3.16 #1) id 148yhn-000F4r-00 for freebsd-security@freebsd.org; Thu, 21 Dec 2000 07:55:55 +0200 Message-ID: <02e401c06b13$0c66fac0$3202a8c0@ialien.co.za> From: "Jose Meredith" To: Subject: Is there anyway to record Root's keystrokes Date: Thu, 21 Dec 2000 07:58:28 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I've been thinking about how to try and make a box more secure, and one of the things on my wish list would be to be able to record all the command line inputs of any root shells. I know that this should actually be the job of the shell, but I can't find out how to have them do this. The other work around would be to recompile the kernel with the snp device enabled, and everytime someone logins in etc., snoop their interaction with the machine. The problem with this, is that one would have a lot of data coming in, as well as you would be getting normal user stuff. I would only like the system to log everything it does as root etc. Any ideas? Thanx in advance Bob To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message