From owner-freebsd-questions@FreeBSD.ORG Mon Jul 30 12:34:18 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 252EB16A41A for ; Mon, 30 Jul 2007 12:34:18 +0000 (UTC) (envelope-from fatman.uk@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.173]) by mx1.freebsd.org (Postfix) with ESMTP id AE12913C465 for ; Mon, 30 Jul 2007 12:34:17 +0000 (UTC) (envelope-from fatman.uk@gmail.com) Received: by ug-out-1314.google.com with SMTP id o4so1207730uge for ; Mon, 30 Jul 2007 05:34:16 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding:from; b=F96pzIT18Y5I9Ptd5hkUuBCGSncT4S5X/igejzRx7qHP6QsX/KmqrzC7EvEuCDrqlJRGawiBonX/EZp5hPvBBH8+xqh1ru+G91h4oghwhpPsSsSdYCY0c7Qg0qcBoPaYurpmXzvvw0DbzYGs1RT/5RXtwtMznO7Znats1iiLgbc= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding:from; b=fLLBXK/QPJ/sB5A876lIHoZXrk7Hs6/AGLaD4L8E01PDgOcV4xw0534IfPjvlCq7uHUSzBbDstMH5A9ua6I/xbYiWYpG49YmxLVppw9JhttvOvuHZA2oNr3iUMDavaokDcIbTC1MjYNHZ4L1AfVdMv9wHYVrm32lkQd0mZnD1xk= Received: by 10.67.19.13 with SMTP id w13mr5208135ugi.1185798856073; Mon, 30 Jul 2007 05:34:16 -0700 (PDT) Received: from monju-bosatsu.dreamtrack.dnsalias.com ( [86.18.88.217]) by mx.google.com with ESMTPS id 32sm2760878nfu.2007.07.30.05.34.13 (version=SSLv3 cipher=RC4-MD5); Mon, 30 Jul 2007 05:34:14 -0700 (PDT) Message-ID: <46ADDAC2.3010404@crackmonkey.us> Date: Mon, 30 Jul 2007 13:34:10 +0100 User-Agent: Thunderbird 2.0.0.0 (X11/20070421) MIME-Version: 1.0 To: Tom Evans References: <050b01c7ce16$960a0570$6400a8c0@msdi.local> <1185794014.1444.7.camel@localhost> In-Reply-To: <1185794014.1444.7.camel@localhost> Content-Type: text/plain; charset=windows-1250; format=flowed Content-Transfer-Encoding: 7bit From: Adam J Richardson Cc: freebsd-questions@freebsd.org, Ian Lord Subject: Re: Root access loggin X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Jul 2007 12:34:18 -0000 Tom Evans wrote: > This seems great in principle, but of course, you just gave them a root > shell, and so they can delete their log file easily enough... You could have cron email it to you every 5 minutes. Unlikely he'd check the crontab immediately, unless he was really bent on the system's destruction. Likely you'd have at least some evidence of his behaviour. Of course your email box would fill up quickly. Adam J Richardson