Re: [suse-security] Command history (fwd)
a much better thing to do if you really want to snoop on people is to get tty snoop, available at ftp://ftp.innet.be/pub/staff/carl/ttysnoop-0.12d.tar.gz

description of ttysnoop: "TTYSnoop allows you to snoop on login tty's through another tty-device or pseudo-tty. The snoop-tty becomes a 'clone' of the original tty, redirecting both input and output from/to it."

as far as the moral issues are concerned, your machine is your territory, and as long as that is clear to the users, you can snoop on them all you want. my motd says "this is a production machine. it is constantly monitored. and your presence, as well as all your actions on the system, are logged for security purposes."

Max Gribov
System Administrator
Knowledge Propulsion Laboratories
www.kplab.com

On Wed, 16 Aug 2000, Peter Münster wrote:
On Wed, 16 Aug 2000, Sridhar wrote:
i've written a script that logs all the commands executed by a user, his terminal, the time, the directory... i don't use the bash_history but the history itself. now the question is will the history be reliable, will it be more useful than .bash_history, will it be legal. also because the script is executed as the user itself, i'm forced to append the command history to a file which has chattr +a attribute set. so the user can put anything in the file. any ideas to make it stealthy? btw, i'm using prompt_command variable.
Hello cheedu (or Sridhar), I don't know if this is legal, but some little thoughts about the other points:
- a webcam behind the terminal (hidden of course) is also a very good choice ;)
- who will read /tmp/comlog, you have already enough in /var/log
- if someone gets root and forgets to look into the environment (HISTFILE etc), then you can get him just by his .bash_histfile. If he is not too bad, he will delete his traces, all.
- you can execute commands also via a lot of applications (X-clients etc), that don't leave traces like in histfile etc

Résumé: don't do it, it's not useful, and nobody likes the "Big Brother"
Cheers, Peter
-- Peter Münster http://w3pm.stormloader.com/
*** Sign now: http://petition.eurolinux.org/ ***
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
hi i got ttysnoop, but how do i configure it?

thanx in advance
cheedu

On Wed, 16 Aug 2000, max wrote:
a much better thing to do if you really want to snoop on people is to get tty snoop, available at ftp://ftp.innet.be/pub/staff/carl/ttysnoop-0.12d.tar.gz description of ttysnoop: "TTYSnoop allows you to snoop on login tty's through another tty-device or pseudo-tty. The snoop-tty becomes a 'clone' of the original tty, redirecting both input and output from/to it."
as far as the moral issues are concerned, your machine is your territory, and as long as that is clear to the users, you can snoop on them all you want. my motd says "this is a production machine. it is constantly monitored. and your presence, as well as all your actions on the system, are logged for security purposes."
Max Gribov System Administrator
Knowledge Propulsion Laboratories www.kplab.com
On Wed, 16 Aug 2000, Peter Münster wrote:
On Wed, 16 Aug 2000, Sridhar wrote:
i've written a script that logs all the commands executed by a user, his terminal, the time, the directory... i don't use the bash_history but the history itself. now the question is will the history be reliable, will it be more useful than .bash_history, will it be legal. also because the script is executed as the user itself, i'm forced to append the command history to a file which has chattr +a attribute set. so the user can put anything in the file. any ideas to make it stealthy? btw, i'm using prompt_command variable.
Hello cheedu (or Sridhar), I don't know if this is legal, but some little thoughts about the other points:
- a webcam behind the terminal (hidden of course) is also a very good choice ;)
- who will read /tmp/comlog, you have already enough in /var/log
- if someone gets root and forgets to look into the environment (HISTFILE etc), then you can get him just by his .bash_histfile. If he is not too bad, he will delete his traces, all.
- you can execute commands also via a lot of applications (X-clients etc), that don't leave traces like in histfile etc

Résumé: don't do it, it's not useful, and nobody likes the "Big Brother"
Cheers, Peter
-- Peter Münster http://w3pm.stormloader.com/
*** Sign now: http://petition.eurolinux.org/ ***
-- ***** cogito cogito ergo cogito sum: i think that i think, therefore i think that i am. --Devils Dictionary --
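
The logger described in the first post, sketched as an added example (not Sridhar's script or any poster's code): a PROMPT_COMMAND hook appends one record per command, and a constructed check shows what the same-user write to a chattr +a file means for the log's reliability. The function names and the COMLOG variable are assumptions; /tmp/comlog is the path mentioned in the reply.

```bash
#!/usr/bin/env bash
# Added example. COMLOG, format_record, log_last_command, count_records and
# demo_same_user_write are assumed names; /tmp/comlog is the path named in the thread.
COMLOG="${COMLOG:-/tmp/comlog}"   # the admin would create it and set chattr +a

# Build one record: epoch time, user, terminal, working directory, command.
format_record() {
    local cmd t
    # Flatten tabs and newlines so one command is always exactly one line.
    cmd=$(printf '%s' "$1" | tr '\t\n' '  ')
    t=$(tty 2>/dev/null) || t=notty
    printf '%s\t%s\t%s\t%s\t%s\n' "$(date +%s)" "$(id -un)" "$t" "$PWD" "$cmd"
}

# Run from PROMPT_COMMAND: take the newest history entry and strip its number.
log_last_command() {
    local last
    last=$(HISTTIMEFORMAT='' history 1 | sed 's/^ *[0-9]*[* ]*//')
    if [ -n "$last" ]; then format_record "$last" >> "$COMLOG"; fi
}

# Count lines that look like valid records (5 fields, numeric timestamp).
count_records() {
    awk -F'\t' 'NF == 5 && $1 ~ /^[0-9]+$/ { n++ } END { print n + 0 }' "$1"
}

# Constructed check of the limitation raised in the thread: the file is written
# with the user's own privileges, so a line the user appends by hand passes the
# same format check as a record produced from history. Append-only (+a) stops
# truncation and rewriting, not same-user appends.
demo_same_user_write() {
    local f n
    f=$(mktemp)
    format_record "ls -la /etc" >> "$f"                 # record from the logger
    printf '%s\t%s\t%s\t%s\t%s\n' 966400000 "$(id -un)" \
        /dev/pts/9 /root "never typed" >> "$f"          # constructed hand-written line
    n=$(count_records "$f")
    rm -f "$f"
    echo "$n"
}

# Install the hook only in interactive shells.
case $- in *i*) PROMPT_COMMAND=log_last_command ;; esac
```

Both lines in the demo count as valid records, which is why a log written by the monitored account itself cannot be treated as evidence of what was actually typed.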