Security Basics mailing list archives

Re: login session transcript


From: Jonathan Loh <kj6loh () yahoo com>
Date: Wed, 29 Sep 2004 13:45:41 -0700 (PDT)

First off let me reiterate.  You should seriously rethink your decision.  But
if you must, then consider logging to a second machine.  A machine that is not
important, since this would also lead to a possible compromise of that machine.
   
But, remember you are giving root away, so they can easily redirect the logs
from your server somewhere else other than the second machine.

--- "Jonathan C. Detert" <detertj () msoe edu> wrote:

Hello,

I need to give a vendor shell access to a FreeBSD system I run,
and worse yet, I need to give them root access.
I want to know everything the vendor does while logged in.

I'm thinking of making the vendor's login shell be

        'script -q -a <somefilename>'

but:

a) I don't want the vendor to be able to delete the logfile

b) it would be nice if the vendor wouldn't know his activity was being
   logged

Does anyone have a better suggestion for me than to use script?
Does anyone have an idea how to address points a) and b) ?

Thanks
-- 
Happy Landings,

Jon Detert
IT Systems Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202




        
                