Date: Mon, 30 Jul 2007 14:44:11 +0100
From: Tom Evans <tevans.uk@googlemail.com>
To: Eric Crist <mnslinky@gmail.com>
Cc: Ian Lord <mailing-lists@msdi.ca>, freebsd-questions@freebsd.org, Adam J Richardson <fatman.uk@gmail.com>
Subject: Re: Root access loggin
Message-ID: <1185803051.1444.10.camel@localhost>
In-Reply-To: <AE852C96-F0CB-4737-BA3E-428E2AFA88BD@gmail.com>
References: <050b01c7ce16$960a0570$6400a8c0@msdi.local> <1185794014.1444.7.camel@localhost> <46ADDAC2.3010404@crackmonkey.us> <AE852C96-F0CB-4737-BA3E-428E2AFA88BD@gmail.com>

On Mon, 2007-07-30 at 08:11 -0500, Eric Crist wrote:
> On Jul 30, 2007, at 7:34 AM, Adam J Richardson wrote:
>
> > Tom Evans wrote:
> >> This seems great in principle, but of course, you just gave them a root
> >> shell, and so they can delete their log file easily enough...
> >
> > You could have cron email it to you every 5 minutes. Unlikely he'd
> > check the crontab immediately, unless he was really bent on the
> > system's destruction. Likely you'd have at least some evidence of
> > his behaviour. Of course your email box would fill up quickly.
> >
> > Adam J Richardson
> >
>
> Tom,
>
> If you're really all that worried about this, don't give them root
> access. You could simply sit at the console with them while they
> work. IIRC, they're a contractor, not an employee. Your presence
> during such operations wouldn't be abnormal for a contractor.
>
> HTH
>
> Eric Crist

I'm not at all worried; the OP was. I was merely pointing out that most
auditing solutions have issues that can be worked around by a malicious
user; sometimes you just have to trust someone.