Vulnerability Development mailing list archives
Re: History Files
From: dagon () DAGON NET (Mark Rafn)
Date: Sun, 16 Apr 2000 12:07:02 -0700
right. are we off-topic enough yet? Not that this message is going to make it any better.
Corwin J. Grey wrote:Force each user to use bash first of all, and don't allow them to change shells.
...
ln -s /root/history/bob /home/bob/.bash_history
On Sat, 15 Apr 2000, Michael Jennings wrote:
I don't suppose anyone realized that the user, having write permissions to his/her own home directory, could simply remove the soft link? Or move it out of the way?
I think most of us realize it. Using the user's shell to do the logging is always going to be problematic and difficult to enforce unless they're in a very very limited environment and have a rather customized shell. If you want the quick-fix, do the history symlink, tell users that changing it is not allowed, and fire people who evade your monitoring.
From a pure-technical end, even if you could find a way to keep them from
telling bash to log to a "safe" place, they can always do while :; do read x; eval $x; done and bash will not log what that loop does. If you want to do this right, do it with a sniffer. -- Mark Rafn dagon () dagon net <http://www.dagon.net/> !G
Current thread:
- Re: History Files, (continued)
- Re: History Files Crispin Cowan (Apr 15)
- Re: History Files Seth R Arnold (Apr 15)
- Re: History Files Omachonu Ogali (Apr 15)
- Re: History Files Corwin J. Grey (Apr 15)
- Re: History Files Corwin J. Grey (Apr 15)
- Re: History Files Omachonu Ogali (Apr 15)
- Re: History Files Corwin J. Grey (Apr 15)
- Re: History Files Gert-Jan Hagenaars (Apr 16)
- Re: History Files Bluefish (Apr 17)
- Re: History Files Omachonu Ogali (Apr 15)
- Re: History Files Michael Jennings (Apr 15)
- Re: History Files Mark Rafn (Apr 16)
- Alternative to historyfile logging. Joel Eriksson (Apr 17)
- Re: History Files Joel Eriksson (Apr 17)
- Re: History Files spiff (Apr 18)
- Re: History Files Corwin J. Grey (Apr 16)
- Re: History Files Michael Jennings (Apr 16)
- Cooments on the dvwssr.dll vulnerability threads Iván Arce (Apr 17)
- Re: History Files Senior Systems Administrator - Kris W. (Apr 16)
- quick dirty and most of all-easy process accounting via lkm Security Team (Apr 16)
- Re: History Files George Dodd (Apr 18)