From owner-freebsd-security  Wed Dec 20 22:10: 7 2000
From owner-freebsd-security@FreeBSD.ORG  Wed Dec 20 22:10:05 2000
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from puck.firepipe.net (poynting.physics.purdue.edu [128.210.146.58])
	by hub.freebsd.org (Postfix) with ESMTP id C9FB037B400
	for <freebsd-security@FreeBSD.ORG>; Wed, 20 Dec 2000 22:10:05 -0800 (PST)
Received: from argon.firepipe.net (pm014-044.dialup.bignet.net [64.79.82.156])
	by puck.firepipe.net (Postfix) with ESMTP
	id C3ABE1AC4; Thu, 21 Dec 2000 01:10:04 -0500 (EST)
Received: by argon.firepipe.net (Postfix, from userid 1000)
	id 3C64F19CF; Thu, 21 Dec 2000 01:05:44 -0500 (EST)
Date: Thu, 21 Dec 2000 01:05:44 -0500
From: Will Andrews <will@physics.purdue.edu>
To: Jose Meredith <meredithjt@ialien.co.za>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Is there anyway to record Root's keystrokes
Message-ID: <20001221010543.K319@argon.firepipe.net>
Reply-To: Will Andrews <will@physics.purdue.edu>
References: <02e401c06b13$0c66fac0$3202a8c0@ialien.co.za>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <02e401c06b13$0c66fac0$3202a8c0@ialien.co.za>; from meredithjt@ialien.co.za on Thu, Dec 21, 2000 at 07:58:28AM +0200
X-Operating-System: FreeBSD 5.0-CURRENT i386
Sender: will@argon.firepipe.net
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Dec 21, 2000 at 07:58:28AM +0200, Jose Meredith wrote:
> I've been thinking about how to try and make a box more secure, and one of the things on my wish list would be to be able to record
> all the command line inputs of any root shells. I know that this should actually be the job of the shell, but I can't find out how
> to have them do this.
> 
> The other work around would be to recompile the kernel with the snp device enabled, and everytime someone logins in etc., snoop
> their interaction with the machine. The problem with this, is that one would have a lot of data coming in, as well as you would be
> getting normal user stuff. I would only like the system to log everything it does as root etc.
> 
> Any ideas?

Use sudo.  See ports/security/sudo.

-- 
wca


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message