Vulnerability Development mailing list archives
Re: History Files
From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Sat, 15 Apr 2000 17:16:35 -0700
Shell logging is tricky, since so many things that can act as shells are lying around the typical system. Syscall logging would be more complete, but may give a rougher picture of what's going on (i.e. compare a history file with truss output.) You could try some sort of tty logger, if the users aren't actively trying to avoid logging (they can always write their own net daemon that will exec stuff on behalf of the user, no tty involved.)

I have a few questions about the syscall logging method. It seems pretty clear that one could start logging syscalls at a particular PID, and pick up all the children as well. I know as root, I can easily run stuff that will pick up a ppid of 1. Does a typical end user have a way of ditching their parent id without busting root? Cron? At?

Does the Orange Book address any of this?

BB