Logging user activities

Richard Bejtlich richard_bejtlich at yahoo.com
Tue Jan 6 13:04:35 PST 2004


Hello,

What do you recommend for keeping track of user
activities?  For preserving bash histories I followed
these recommendations:

http://www.defcon1.org/secure-command.html

They include using 'chflags sappnd .bash_history',
enabling process accounting, and the like.  

My goal is to "watch the watchers," i.e. watch for
abuse of power by SOC people with the ability to view
traffic captured by sniffers.

I plan to use sudo to limit and audit user activities
too.  I may also try some of the patches to bash
listed at project.honeynet.org which send keystrokes
to a remote server.  Hardware keystroke logging is
always a possibility.

For more, should I turn to TrustedBSD integration in a
future 5.x release?

Thank you,

Richard Bejtlich
http://www.taosecurity.com
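
An added example, not part of the original message: a small audit script that checks whether each user's .bash_history is a regular file carrying the system append-only flag that 'chflags sappnd' sets. The /home base directory and the function names are assumptions made for illustration.

```python
import os
import stat
from pathlib import Path

HISTORY_NAME = ".bash_history"


def flag_problems(mode, flags):
    """Return the problems found for a history file, given st_mode and st_flags."""
    problems = []
    # The history file should be a plain file, not a link or device node.
    if not stat.S_ISREG(mode):
        problems.append("not a regular file")
    # SF_APPEND is the flag that 'chflags sappnd' sets (system append-only).
    if not flags & stat.SF_APPEND:
        problems.append("sappnd (SF_APPEND) not set")
    return problems


def audit_home(home):
    """Check one home directory; an empty list means the file looks as expected."""
    path = Path(home) / HISTORY_NAME
    try:
        st = os.lstat(path)  # lstat: inspect the entry itself, do not follow links
    except FileNotFoundError:
        return ["history file missing"]
    # st_flags exists only on BSD-derived systems; elsewhere treat it as 0.
    return flag_problems(st.st_mode, getattr(st, "st_flags", 0))


def audit_all(base="/home"):
    """Map each user directory under base (assumed layout) to its problems."""
    report = {}
    for entry in sorted(Path(base).iterdir()):
        if entry.is_dir():
            problems = audit_home(entry)
            if problems:
                report[entry.name] = problems
    return report


if __name__ == "__main__":
    for user, problems in audit_all().items():
        print(f"{user}: {', '.join(problems)}")
```

Run it from cron as root and alert on any output; an empty report means every history file under the base directory still has the flag.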



More information about the freebsd-security mailing list