Well, there is another effectively similar, but probably less
trackable way of doing the same.
A user can run his own ssh daemon on a different (high-numbered) port,
thus allowing himself to login without using the system's daemon.
Since that user can configure the daemon so that no records are added to
wtmp/utmp, and no logging is done to the system log.

You can forbid running daemons by a policy, but it's rather difficult
to make that completely impossible.

Well, the point of this message is just to remind, that, as Kris said,
there are many different things for an admin to remember.

Igor

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]