Date: Fri, 9 Jan 2004 15:06:57 +0100
From: Pawel Jakub Dawidek <nick@garage.freebsd.pl>
To: Richard Bejtlich <richard_bejtlich@yahoo.com>
Cc: freebsd-security@freebsd.org
Subject: Re: Logging user activities
Message-ID: <20040109140656.GK9171@garage.freebsd.pl>
In-Reply-To: <20040106210430.28516.qmail@web60806.mail.yahoo.com>
References: <20040106210430.28516.qmail@web60806.mail.yahoo.com>

On Tue, Jan 06, 2004 at 01:04:30PM -0800, Richard Bejtlich wrote:
+> They include using 'chflags sappnd .bash_history',
+> enabling process accounting, and the like.
+>
+> My goal is to "watch the watchers," i.e. watch for
+> abuse of power by SOC people with the ability to view
+> traffic captured by sniffers.

Just forget about those methods.
The only right way for such things is to monitor execve(2) syscall
on kernel level.

Look at:

	http://garage.freebsd.pl/lrexec.README
	http://garage.freebsd.pl/lrexec.tbz

-- 
Pawel Jakub Dawidek                       pawel@dawidek.net
UNIX Systems Programmer/Administrator     http://garage.freebsd.pl
Am I Evil? Yes, I Am!                     http://cerber.sourceforge.net