Logging user activities
Richard Bejtlich
richard_bejtlich at yahoo.com
Tue Jan 6 13:04:35 PST 2004
Hello,
What do you recommend for keeping track of user
activities? For preserving bash histories I followed
these recommendations:
http://www.defcon1.org/secure-command.html
They include using 'chflags sappnd .bash_history',
enabling process accounting, and the like.
My goal is to "watch the watchers," i.e. watch for
abuse of power by SOC people with the ability to view
traffic captured by sniffers.
I plan to use sudo to limit and audit user activities
too. I may also try some of the patches to bash
listed at project.honeynet.org which send keystrokes
to a remote server. Hardware keystroke logging is
always a possibility.
For more, should I turn to TrustedBSD integration in a
future 5.x release?
Thank you,
Richard Bejtlich
http://www.taosecurity.com
__________________________________
Do you Yahoo!?
Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes
http://hotjobs.sweepstakes.yahoo.com/signingbonus
More information about the freebsd-security
mailing list