On Tue, 18 Sep 2001, Roman Drahtmueller wrote:
man chattr. append only is of interest. also immutable. is there already a chattr for reiserFS? AFAIK only ext2 is supported.
Negative. It is an ext2 feature, not portable.
Logging inside a userspace program is useless. Users bring their own shell and the logging is gone, and even with the same shell used, the shell can be tricked into skipping the writing of a command history.
You'd have to do it differently. See the manual page of accton(8) for BSD process accounting in the kernel. Not that not all of the commandline is being logged, only the filename, but if you hack up the code in /usr/src/linux/kernel/acct.c and in the userspace utilities, it should do.
Yep. Kernel-land tools are the right ones, although acct(2) only works when the process calls exit(2). Programs killed with sigkill for example don't appear in the logs then. regards, Sebastian -- ~ ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer@suse.de - SuSE Security Team ~