Mailinglist Archive: opensuse-security (320 mails)

Re: [suse-security] Log/Audit all user commands
  • From: Martin Peikert <lists@xxxxxxxxx>
  • Date: Wed, 28 May 2003 17:06:13 +0200
  • Message-id: <3ED4D065.5030005@xxxxxxxxx>
Hello Ricardo,

Ricardo Toma wrote:
First: I answered privately to <lists@xxxxxxxxx> because of an error.

my name is Martin. Some people gave me other, emm, names I don't want to mention here, but you are the first to call me lists@xxxxxxxxxxxx.

I don't have the "sent emails" here in Yahoo. Maybe <lists@xxxxxxxxx>
would be so kind to resend my email to the list? I am sorry...

No problem. Here we go:

Ricardo Toma wrote:
--- Martin Peikert <lists@xxxxxxxxx> wrote: > Ricardo Toma wrote
If he logs in from console, a tty sniffer would be interesting :)

What's a tty sniffer?

A tty sniffer logs all outgoing commands from a console. Take a look at ttysnoop - see http://www.linuxhelp.ca/guides/ttysnoop/

If he's coming from outside, you may want to use 'tcpdump -s 0' or another fine sniffer to log all his activity.

That's quite interesting but it's a little complicated to really
'see' what he is doing. And more if he uses SSH.

Right.

Isn't there an already programmed app that simply logs all the user
commands (better than bash_history) and saves it into a secure place?

No place on your box is secure if his uid is 0. Try to log to another host, if you're in a network.

And that the user can't delete it? Or sends it by mail?

If he's inexperienced, maybe 'chattr +a' would help to keep him from deleting logs...

Anyway, I wouldn't let him play with my box for a long time...

...remember, some seconds are enough to type 'cd /' and 'rm -fr *'.

Do us all a favour: unplug the fucking cable and rebuild from scratch.

HTH
GTi
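The "log to another host" approach Martin recommends above, as an added example that is not part of the original thread or of any tool it names: a bash PROMPT_COMMAND hook that ships each interactive command to syslog via logger, so that a local syslogd can forward it off the box. The tag "bash-audit", the facility local1 and the idea that syslogd forwards local1 to a remote loghost are assumptions for illustration.

```shell
#!/bin/bash
# Added example (not from the thread): record every interactive bash command
# through syslog, so that it can be forwarded to another host.
# Assumptions: syslogd on this box is configured to forward facility local1
# to a remote loghost; the tag "bash-audit" is hypothetical.

# Build one audit record. Kept as a separate function so the format can be
# checked without a syslog daemon.
audit_line() {
    # $1 user, $2 tty, $3 working directory, $4 command text
    printf 'user=%s tty=%s pwd=%s cmd=%s' "$1" "$2" "$3" "$4"
}

# Hook that bash runs before printing each prompt: log the last history
# entry. The leading entry number that "history 1" prints is stripped.
audit_last_command() {
    local last
    last=$(HISTTIMEFORMAT= history 1 | sed 's/^ *[0-9][0-9]* *//')
    [ -n "$last" ] || return 0
    logger -p local1.notice -t bash-audit \
        "$(audit_line "$(id -un)" "$(tty 2>/dev/null || echo notty)" "$PWD" "$last")"
}

# Install for interactive shells, e.g. from /etc/profile or /etc/bash.bashrc:
#   PROMPT_COMMAND=audit_last_command
# Caveat, exactly as the thread says: a user with uid 0 can unset
# PROMPT_COMMAND, stop syslogd or run a different shell. The remote copy only
# preserves what was logged before he did so; it does not stop him.
```

The value of the remote copy is that the local box is not trusted once the user is root: deleting /var/log or running 'chattr -a' does nothing to lines that already left via syslog.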

