| 1 |
On Thu, 17 Jun 2004, Jason Qualkenbush wrote: |
| 2 |
> |
| 3 |
> As far as logging commands once someone gets a root shell, I did find |
| 4 |
> some info (if anyone is interested). First, there was syscalltrack |
| 5 |
> (http://syscalltrack.sourceforge.net/index.html) which seems to work, |
| 6 |
> but looks to be more like a debugging tool. |
| 7 |
> |
| 8 |
> I did find a bash shell patch called bash-bofh that logs all commands to |
| 9 |
> syslog. Though, I the only pages I seem to find are hacker oriented |
| 10 |
> pages and the homepage seems to raise backdoor questions |
| 11 |
> (http://www.ccitt5.net). Still, the bash-bofh is the closest to what I |
| 12 |
> seek so far. |
| 13 |
> |
| 14 |
> Anyone using a modified shell like this? |
| 15 |
> |
| 16 |
> -Jason |
| 17 |
|
| 18 |
My last company used it to keep programmers from making changes outside |
| 19 |
the change windows. Also it was handy to see what other admins had done |
| 20 |
on the box. Su to root and start checking the admin logs rather than |
| 21 |
dealing with a number of history files. |
| 22 |
|
| 23 |
Yes you can get around this sort of logging, but for a corporate |
| 24 |
environment where there is a bit of accountability it shouldn't be a |
| 25 |
problem. I don't believe bash-bofh was the exact version we used, but it |
| 26 |
was similar. |
| 27 |
|
| 28 |
kashani |
Archives