On Thu, 17 Jun 2004, Jason Qualkenbush wrote:
>
> As far as logging commands once someone gets a root shell, I did find
> some info (if anyone is interested). First, there was syscalltrack
> (http://syscalltrack.sourceforge.net/index.html) which seems to work,
> but looks to be more like a debugging tool.
>
> I did find a bash shell patch called bash-bofh that logs all commands to
> syslog. Though, the only pages I seem to find are hacker-oriented
> pages and the homepage seems to raise backdoor questions
> (http://www.ccitt5.net). Still, the bash-bofh is the closest to what I
> seek so far.
>
> Anyone using a modified shell like this?
>
> -Jason

My last company used it to keep programmers from making changes outside
the change windows. Also it was handy to see what other admins had done
on the box. Su to root and start checking the admin logs rather than
dealing with a number of history files.

Yes you can get around this sort of logging, but for a corporate
environment where there is a bit of accountability it shouldn't be a
problem. I don't believe bash-bofh was the exact version we used, but it
was similar.

kashani