Security Basics mailing list archives

Re: login session transcript


From: xyberpix <xyberpix () xyberpix com>
Date: Wed, 29 Sep 2004 19:50:49 +0100

Hi Jonathan,

Have you thought of using sudo? Then you can allow the vendor to do
only what they need to. Get a list of commands that they need to use,
and only allow them access to those commands. For more info, see man sudo.

I've used this in the past for the same type of situation, and it worked
like a charm.

xyberpix


On Tue, 2004-09-28 at 15:55, Jonathan C. Detert wrote:
Hello,

I need to give a vendor shell access to a FreeBSD system I run,
and worse yet, I need to give them root access.
I want to know everything the vendor does while logged in.

I'm thinking of making the vendor's login shell be

        'script -q -a <somefilename>'

but:

a) I don't want the vendor to be able to delete the logfile

b) it would be nice if the vendor wouldn't know his activity was being
   logged

Does anyone have a better suggestion for me than to use script?
Does anyone have an idea how to address points a) and b) ?

Thanks
-- 
For Security and Open Source news:
http://xyberpix.demon.co.uk
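
The sudo approach suggested in the reply, sketched as a sudoers fragment. This is an added example, not configuration from either poster. The account name `vendoracct`, the `vendorapp` service and every path are hypothetical placeholders, and `log_input`/`log_output` need sudo 1.7.4 or later.

```sudoers
# Edit with visudo so a syntax error cannot lock you out of sudo.

# Weak setting, shown commented out: unrestricted root also lets the
# vendor remove or edit any local log of the session.
# vendoracct ALL = (ALL) ALL

# Hypothetical vendor account and the exact commands the vendor asked for.
# Commands are listed with their full arguments and no wildcards, so only
# these invocations match.
User_Alias VENDOR      = vendoracct
Cmnd_Alias VENDOR_CMDS = /usr/sbin/service vendorapp restart, \
                         /usr/sbin/service vendorapp status, \
                         /usr/bin/tail -f /var/log/vendorapp.log

# Record terminal input and output of every command the vendor runs through
# sudo. The recordings are written as root, outside the vendor's control,
# which covers point a) as long as no allowed command can reach them.
Defaults:VENDOR log_input, log_output
Defaults:VENDOR iolog_dir=/var/log/sudo-io/%{user}

# NOEXEC stops dynamically linked allowed programs from spawning further
# programs, which closes the usual shell-escape route out of a restricted
# command list.
VENDOR ALL = (root) NOEXEC: VENDOR_CMDS
```

Recorded sessions can be listed with `sudoreplay -l` and played back by session ID. Avoid putting editors, pagers or interpreters on the allowed list, since any of them gives back a general root shell.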
