Date: Mon, 30 Jul 2007 14:44:11 +0100 From: Tom Evans <tevans.uk@googlemail.com> To: Eric Crist <mnslinky@gmail.com> Cc: Ian Lord <mailing-lists@msdi.ca>, freebsd-questions@freebsd.org, Adam J Richardson <fatman.uk@gmail.com> Subject: Re: Root access loggin Message-ID: <1185803051.1444.10.camel@localhost> In-Reply-To: <AE852C96-F0CB-4737-BA3E-428E2AFA88BD@gmail.com> References: <050b01c7ce16$960a0570$6400a8c0@msdi.local> <1185794014.1444.7.camel@localhost> <46ADDAC2.3010404@crackmonkey.us> <AE852C96-F0CB-4737-BA3E-428E2AFA88BD@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Mon, 2007-07-30 at 08:11 -0500, Eric Crist wrote: > On Jul 30, 2007, at 7:34 AMJul 30, 2007, Adam J Richardson wrote: > > > Tom Evans wrote: > >> This seems great in principle, but of course, you just gave them a > >> root > >> shell, and so they can delete their log file easily enough... > > > > You could have cron email it to you every 5 minutes. Unlikely he'd > > check the crontab immediately, unless he was really bent on the > > system's destruction. Likely you'd have at least some evidence of > > his behaviour. Of course your email box would fill up quickly. > > > > Adam J Richardson > > > > Tom, > > If you're really all that worried about this, don't give them root > access. You could simply sit at the console with them while they > work. IIRC, they're a contractor, not an employee. Your presence > during such operations wouldn't be abnormal for a contractor. > > HTH > > Eric Crist I'm not at all worried; the OP was. I was merely pointing out that most auditing solutions have issues that can be worked around by a malicious user; sometimes you just have to trust someone. [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQBGresmlcRvFfyds/cRApGXAJ9yvq4LOSZObcgI1swguzDv9E8wHwCfTjbg 9q8k0ODen6o97QutjsDwKBk= =VaXi -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1185803051.1444.10.camel>