It's OK that he plays with the network. I am using two net's and that one he's using isn't important. This can help me to see what he is trying to do, what a hacker does, etc. and more important how to act and correct. So, this is just a "demo" for me. It's real, but I can see that as a demo. So, if you want to help and participate (I give you all the info he is doing)... Thanks again, Ricardo -----Original Message----- From: Eduard Avetisyan [mailto:dich_ed@yahoo.com] Sent: Viernes, 30 de Mayo de 2003 06:34 To: Ricardo Toma; Ulrich Roth; suse-security@suse.com Subject: Re: AW: [suse-security] Log/Audit all user commands Dear friends, I followed this discussion a little bit, and here's my 2 cents: bash_history logs only commands one typed in bash. What if he changes to tcsh or whatever else? "Whatever else" includes also graphical helpers, like konqueror or nautilus that give you a lot of freedom to run or modify any files, while you can't log any actions... and tty sniffer won't help either. I agree with the statement that you don't have to let any intruder play with your machine, since it may well be that he HAS already installed sniffers (tty or network) and stuff like that, so any action you take now will be well known to him. So better really unplug the network, shut off the machine, boot from CD (if you'd like to trace back changes he made to your system), and reinstall... Good luck, Eduard __________________________________ Do you Yahoo!? Yahoo! Calendar - Free online calendar with sync to Outlook(TM). http://calendar.yahoo.com -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here