Date: Mon, 04 Feb 2002 23:43:07 +0100 From: "Roger 'Rocky' Vetterberg" <listsub@rambo.simx.org> To: Geir =?ISO-8859-1?Q?R=E5ness?= <geir@dropzone.as> Cc: petko@freebsd-bg.org, freebsd-security@FreeBSD.ORG Subject: Re: Reliable shell logs Message-ID: <3C5F0E7B.4020508@rambo.simx.org> References: <20020204152325.GA64082@fbi.gov> <001401c1ad9a$7be6d9e0$0100a8c0@elixor>
next in thread | previous in thread | raw e-mail | index | archive | help
Geir Råness wrote: > You always could set your users to the shell bash, that is patched with the > "bofh" logging. > That's one way you could secure log your users, but it could be found. > It all depends on the intruder. Do you know where I could find this patch? I tried google.com/bsd and found a bounch of sh patches, but none for bash. And what stops the user from changing his shell? 'chsh' would let him change shell to csh, tcsh or whatever is available on the system, right? How can I prevent this? > This you can do something about however, you can have an locale log server, > that the "shell" server sends the log to, > with upload access only. > So the intruder cant delete the logs, you probaly shuld make this server an > local login only. > > Geir Råness > PulZ @ efnet -- R To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3C5F0E7B.4020508>