Date: Wed, 30 Jun 1999 13:58:12 -0700 From: Cy Schubert <cschuber@uumail.gov.bc.ca> To: Evren Yurtesen <yurtesen@ispro.net.tr> Cc: "Jackson, Douglas H" <douglas.h.jackson@intel.com>, freebsd-security@FreeBSD.ORG Subject: Re: how to keep track of root users? Message-ID: <199906302058.NAA00679@passer.osg.gov.bc.ca> In-Reply-To: Your message of "Wed, 30 Jun 1999 22:27:34 %2B0300." <377A6FA6.2967F7E1@ispro.net.tr>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <377A6FA6.2967F7E1@ispro.net.tr>, Evren Yurtesen writes:
> what is su2?
> in our system there are multiple people who are logging in as root and
> I want to keep track of what they are doing when they are root,
> how can I do that?
Sudo is another alternative.
Symark markets a product similar to sudo and su2 that will even
perform keystroke logging. Currently they support various
platforms, including Linux (we can run the Linux binary). They've
told me that if there is enough interest they can recompile the
product for other platforms not currently supported.
You could use a combination of sudo/su2 with script(1) to perform
keystroke logging or create a hacked shell that logs commands and
return codes to syslog.
Finally, process accounting can provide a limited logging
capability.
Of course all of the above logging can be defeated by anyone with
root wishing to hide their tracks.
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Open Systems Group Internet: Cy.Schubert@uumail.gov.bc.ca
ITSD Cy.Schubert@gems8.gov.bc.ca
Province of BC
"e**(i*pi)+1=0"
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906302058.NAA00679>