
| Subject: | RE: login session transcript |
|---|---|
| Date: | Wed, 29 Sep 2004 14:43:33 -0300 |
Greetings Jonathan,

Your best bet would probably be to use SUDO instead of giving the vendor direct access to the root account. Using SUDO you'll not only be able to restrict the vendor's privileges but also generate an audit trail of his actions. Besides it would require the vendor to specify exactly what privileges he would effectively need.

Altering the user's shell or similar controls could be easily detected and circumvented by the vendor, in case he desired to do so. You must rely on mechanisms which cannot be compromised by using the privileged root account. Even a trusted sitter (auditor) besides the vendor would probably be more adequate.

In case you'd rather stick with your solution, one tool that might help you is ttyrec (http://namazu.org/~satoru/ttyrec).

Regards,

--
Alexandre Skyrme
Cipher - Segurança da Informação
+55-21-2529-2629
www.ciphersec.com.br

This e-mail message may contain legally privileged and/or confidential information, therefore, the recipient is hereby notified that any unauthorized dissemination, distribution or copying is strictly prohibited. If you have received this e-mail message inappropriately or accidentally, please notify the sender and delete it from your computer immediately.

-----Original Message-----
From: Jonathan C. Detert [mailto:detertj@msoe.edu]
Sent: Tuesday, September 28, 2004 11:56
To: security-basics@securityfocus.com
Subject: login session transcript

Hello,

I need to give a vendor shell access to a FreeBSD system I run, and worse yet, I need to give them root access. I want to know everything the vendor does while logged in.

I'm thinking of making the vendor's login shell be 'script -q -a <somefilename>' but:

a) I don't want the vendor to be able to delete the logfile
b) it would be nice if the vendor wouldn't know his activity was being logged

Does anyone have a better suggestion for me than to use script? Does anyone have an idea how to address points a) and b)?

Thanks

--
Happy Landings,
Jon Detert
IT Systems Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202
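
The sudo approach suggested in the reply, as an added sudoers sketch that is not part of the original thread. The account name `vendor`, the command paths and the log locations are assumptions, and `log_input`/`log_output` need a sudo version that supports I/O logging.

```sudoers
# Added example. Assumed names: user "vendor", the two command paths,
# and the log locations. On FreeBSD the file is /usr/local/etc/sudoers;
# edit it with visudo.

# Weak: the same as handing over the root password. After "sudo sh",
# nothing typed in that shell appears in sudo's per-command log, and
# root can remove any log kept on this host.
# vendor  ALL = (ALL) ALL

# Restricted: only the commands the vendor has stated they need.
# Keep shells, editors and pagers off this list; each of them can
# start a root shell that is not logged command by command.
Cmnd_Alias VENDOR_CMDS = /usr/local/etc/rc.d/vendorapp restart, \
                         /usr/local/vendorapp/bin/diagnose

# Audit trail: one log line per command, plus a replayable record of
# each command's terminal input and output.
Defaults         logfile=/var/log/sudo.log
Defaults         iolog_dir=/var/log/sudo-io
Defaults:vendor  log_input, log_output

# sudo also logs through syslog; forwarding that to a separate log
# host keeps a copy outside this machine (an assumption about the
# site's syslog setup, not something sudo does on its own).
vendor  ALL = (root) VENDOR_CMDS
```

Check the syntax with `visudo -c` before saving; recorded sessions can be listed with `sudoreplay -l`.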