Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: login session transcript

from [Jonathan Loh] Network Security [Permanent Link]
Subject: Re: login session transcript
Date: Wed, 29 Sep 2004 13:45:41 -0700 (PDT) 
First off let me reiterate.  You should seriously rethink your decision.  But
if you must, then consider logging to a second machine.  A machine that is not
important, since this would also lead to a possible compromise of that machine.
   
But, remember you are giving root away, so they can easily redirect the logs
from your server somewhere else other than the second machine.
--- "Jonathan C. Detert" <detertj@msoe.edu> wrote:


Hello,

I need to give a vendor shell access to a freeBSD system I run,
and worse yet, I need to give them root access.
I want to know everything the vendor does while logged in.

I'm thinking of making the vendor's login shell be

        'script -q -a <somefilename>'

but :

a) i don't want the vendor to be able to delete the logfile

b) it would be nice if the vendor wouldn't know his activity was being
   logged

Does anyone have a better suggestion for me than to use script?
Does anyone have an idea how to address points a) and b) ?

Thanks
-- 
Happy Landings,

Jon Detert
IT Systems Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202





        
                
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Something new in my inbox, Chris Santerre
Next by Date:  Re: Client End Firewalls, David Parsons
Previous by Thread:  Re: login session transcript, xyberpix
Next by Thread:  Re:login session transcript, Ghaith Nasrawi
Indexes:  [Date] [Thread] [Top] [All Lists]