From: Tom Evans
To: Eric Crist
Cc: Ian Lord, freebsd-questions@freebsd.org, Adam J Richardson
Subject: Re: Root access loggin
Date: Mon, 30 Jul 2007 14:44:11 +0100

On Mon, 2007-07-30 at 08:11 -0500, Eric Crist wrote:
> On Jul 30, 2007, at 7:34 AM, Adam J Richardson wrote:
>
> > Tom Evans wrote:
> >> This seems great in principle, but of course, you just gave them a root
> >> shell, and so they can delete their log file easily enough...
> >
> > You could have cron email it to you every 5 minutes. Unlikely he'd
> > check the crontab immediately, unless he was really bent on the
> > system's destruction. Likely you'd have at least some evidence of
> > his behaviour. Of course your email box would fill up quickly.
> >
> > Adam J Richardson
> >
>
> Tom,
>
> If you're really all that worried about this, don't give them root
> access. You could simply sit at the console with them while they
> work. IIRC, they're a contractor, not an employee. Your presence
> during such operations wouldn't be abnormal for a contractor.
>
> HTH
>
> Eric Crist

I'm not at all worried; the OP was. I was merely pointing out that most
auditing solutions have issues that can be worked around by a malicious
user; sometimes you just have to trust someone.
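
The cron idea quoted above, combined with the objection that the log can simply be deleted, as an added example that is not part of the thread: a POSIX sh function that prints only the log bytes appended since the last run and prints an alert when the file is missing or has shrunk. The function name, the paths and the schedule in the comments are assumptions; a user with root can still tamper with the job itself, so this only narrows the window.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and schedule are assumptions.
#
# report_log_delta LOG STATE
#   Prints what a cron job should mail out: the bytes appended to LOG since
#   the previous run, or an ALERT line if LOG is missing or has shrunk
#   (deleted or truncated). STATE stores the byte offset already reported.
report_log_delta() {
    log=$1
    state=$2
    last=0
    [ -r "$state" ] && last=$(cat "$state")
    case $last in
        ''|*[!0-9]*) last=0 ;;          # ignore an empty or corrupt state file
    esac

    if [ ! -f "$log" ]; then
        echo "ALERT: $log is missing (last reported offset $last)"
        echo 0 > "$state"
        return 0
    fi

    size=$(wc -c < "$log" | tr -d '[:space:]')
    if [ "$size" -lt "$last" ]; then
        echo "ALERT: $log shrank from $last to $size bytes; resending from start"
        last=0
    fi

    if [ "$size" -gt "$last" ]; then
        # Emit exactly the bytes between the old and new offsets, so lines
        # written while this runs are picked up by the next run instead.
        tail -c +"$((last + 1))" "$log" | head -c "$((size - last))"
    fi
    echo "$size" > "$state"
}

# When called with two arguments, act as the cron job. cron mails any output
# to the crontab owner (or MAILTO), so a quiet interval sends no mail.
# Assumed crontab line:
#   */5 * * * * /usr/local/sbin/logdelta.sh /var/log/rootsession.log /var/db/logdelta.offset
if [ "$#" -eq 2 ]; then
    report_log_delta "$1" "$2"
fi
```

Keeping the state file and the mail destination on a separate host that the audited user cannot reach makes the shrink and missing-file alerts harder to suppress.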