Logging user activities
Pawel Jakub Dawidek
nick at garage.freebsd.pl
Fri Jan 9 06:06:39 PST 2004
On Tue, Jan 06, 2004 at 01:04:30PM -0800, Richard Bejtlich wrote:
+> They include using 'chflags sappnd .bash_history',
+> enabling process accounting, and the like.
+>
+> My goal is to "watch the watchers," i.e. watch for
+> abuse of power by SOC people with the ability to view
+> traffic captured by sniffers.
Just forget about those methods.
The only right way to do such things is to monitor the execve(2) syscall
at the kernel level.
Look at:
http://garage.freebsd.pl/lrexec.README
http://garage.freebsd.pl/lrexec.tbz
--
Pawel Jakub Dawidek pawel at dawidek.net
UNIX Systems Programmer/Administrator http://garage.freebsd.pl
Am I Evil? Yes, I Am! http://cerber.sourceforge.net