Vulnerability Development mailing list archives
Re: History Files
From: dr () DURSEC COM (Dragos Ruiu)
Date: Sat, 15 Apr 2000 19:24:40 -0700
On Sat, 15 Apr 2000, Crispin Cowan wrote:
audit wrote:I would like to have what they type logged to /root/history/$user_historyEspecially cleaver users intent on hiding will name their modified shell "vi" or "rn" :-)
Especially clever users will just use the real vi, or rn or another program that allows shell escapes without having to hide anything that can be found. ":!export HISTFILE=/dev/null;...." or ":!ash" You would have to secure any program that allows user controlled exec's and remove all compilers, perl interpreters and so on, ad nauseum. IMHO the process accounting or piping everyone through some sort of logging ptys would be the only feasible ways to pseudo-reliably do this. Bash_history is a good aid, but likely a poor primary security mechanism. cheers, --dr -- dursec.com / kyx.net - we're from the future http://www.dursec.com learn kanga-foo from security experts: CanSecWest - May 10-12 Vancouver Speakers: Ron Gula/NSW, Ken Williams/E&Y, Marty Roesch/Hiverworld, Fyodor/insecure.org, RainForestPuppy/wiretrip.net, Theo de Raadt/OpenBSD
Current thread:
- Re: Controlling a program's resource usage on Unix, (continued)
- Re: Controlling a program's resource usage on Unix Seth R Arnold (Apr 16)
- Re: Controlling a program's resource usage on Unix Isaac (Apr 21)
- Re: Controlling a program's resource usage on Unix Crispin Cowan (Apr 16)
- Re: Controlling a program's resource usage on Unix Matej Kovac (Apr 17)
- Re: Controlling a program's resource usage on Unix Pavel Kankovsky (Apr 18)
- Re: History Files David Taylor (Apr 16)
- Re: History Files Boris Sagadin (Apr 17)
- Fwd: RAZOR Analysis of dvwssr.dll Blue Boar (Apr 17)
- Re: History Files iconoclast (Apr 18)
- Re: History Files Bluefish (Apr 19)
- Re: History Files Crispin Cowan (Apr 15)
- Re: History Files Corwin J. Grey (Apr 15)
- Re: History Files Omachonu Ogali (Apr 15)
- Re: History Files Corwin J. Grey (Apr 15)
- Re: History Files Gert-Jan Hagenaars (Apr 16)
- Re: History Files Bluefish (Apr 17)