Date: Tue, 6 Jan 2004 13:04:30 -0800 (PST)
From: Richard Bejtlich <richard_bejtlich@yahoo.com>
To: freebsd-security@freebsd.org
Subject: Logging user activities
Message-ID: <20040106210430.28516.qmail@web60806.mail.yahoo.com>

Hello,

What do you recommend for keeping track of user activities? For preserving bash histories I followed these recommendations:

http://www.defcon1.org/secure-command.html

They include using 'chflags sappnd .bash_history', enabling process accounting, and the like.

My goal is to "watch the watchers," i.e. watch for abuse of power by SOC people with the ability to view traffic captured by sniffers.

I plan to use sudo to limit and audit user activities too. I may also try some of the patches to bash listed at project.honeynet.org which send keystrokes to a remote server. Hardware keystroke logging is always a possibility.

For more, should I turn to TrustedBSD integration in a future 5.x release?

Thank you,

Richard Bejtlich
http://www.taosecurity.com
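
An added example, not part of the original message: a check that history files actually carry the `sappnd` flag the message mentions, by classifying FreeBSD `ls -lo` output (field 5 holds the file flags). The function names and the sample listing are constructed for illustration; the `WEAK` case covers `uappnd`, which the file's owner can clear, unlike `sappnd`.

```shell
#!/bin/sh
# Audit `ls -lo` listings of shell history files for the system
# append-only flag set with `chflags sappnd`.
# `ls -lo` fields: mode links owner group FLAGS size month day time path

# classify_flags: read `ls -lo` lines on stdin, print "<status> <path>".
#   OK    sappnd present (only root can clear it, and not at securelevel > 0)
#   WEAK  only uappnd present (the file's owner can clear it again)
#   MISS  no append-only flag at all
classify_flags() {
    awk '
    NF >= 10 {
        status = "MISS"
        n = split($5, flags, ",")          # flags are comma-separated, "-" if none
        for (i = 1; i <= n; i++) {
            if (flags[i] == "sappnd") { status = "OK"; break }
            if (flags[i] == "uappnd") status = "WEAK"
        }
        path = $10                         # rejoin paths that contain spaces
        for (i = 11; i <= NF; i++) path = path " " $i
        print status, path
    }'
}

# Constructed sample listing (not captured from a real host).
sample_listing() {
    cat <<'EOF'
-rw-------  1 alice  alice  sappnd 4312 Jan  6 12:58 /home/alice/.bash_history
-rw-------  1 bob    bob    uappnd,nodump 977 Jan  6 11:20 /home/bob/.bash_history
-rw-------  1 carol  carol  - 15230 Jan  5 17:41 /home/carol/.bash_history
EOF
}

# count_unprotected: number of listed files that are not OK.
count_unprotected() {
    classify_flags | awk '$1 != "OK" { n++ } END { print n + 0 }'
}

sample_listing | classify_flags
# On a FreeBSD host: ls -lo /home/*/.bash_history | classify_flags
```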