OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Geir Råness (geirdropzone.as)
Date: Tue Feb 05 2002 - 08:34:31 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Yes it is, thanks for it.
    I have seen the shell patches before but not the bash secure patch..
    :)

    Best Regards

    Geir Råness
    PulZ efnet

    ----- Original Message -----
    From: "Kerberus" <kerberusmicrobsd.net>
    To: "Geir Råness" <geirdropzone.as>
    Sent: Tuesday, February 05, 2002 3:51 PM
    Subject: Re: Reliable shell logs

    Hrmmm looks like the file i sent over!! : ))

    On Tue, 2002-02-05 at 08:20, Geir Råness wrote:
    > Yeah, i have put them up at www.pulz.no/files/freebsd/Logging
    > Read the readme files in them, and you probaly would find the url to the
    > folx who made the patches...
    >
    > You can infact remove an users right to change his shell, this you could
    do
    > by limiting the users access to chsh and so on, you could set it to wheel
    > group only.
    > Or you could remove the shell from the /etc/shells (i think).
    >
    > Best Regards
    >
    > Geir Råness
    > PulZ efnet
    >
    > ----- Original Message -----
    > From: "Roger 'Rocky' Vetterberg" <listsubrambo.simx.org>
    > To: "Geir Råness" <geirdropzone.as>
    > Cc: <petkofreebsd-bg.org>; <freebsd-securityFreeBSD.ORG>
    > Sent: Monday, February 04, 2002 11:43 PM
    > Subject: Re: Reliable shell logs
    >
    >
    > > Geir Råness wrote:
    > >
    > > > You always could set your users to the shell bash, that is patched
    with
    > the
    > > > "bofh" logging.
    > > > That's one way you could secure log your users, but it could be found.
    > > > It all depends on the intruder.
    > >
    > >
    > > Do you know where I could find this patch?
    > > I tried google.com/bsd and found a bounch of sh patches, but
    > > none for bash.
    > > And what stops the user from changing his shell? 'chsh'
    > > would let him change shell to csh, tcsh or whatever is
    > > available on the system, right? How can I prevent this?
    > >
    > > > This you can do something about however, you can have an locale log
    > server,
    > > > that the "shell" server sends the log to,
    > > > with upload access only.
    > > > So the intruder cant delete the logs, you probaly shuld make this
    server
    > an
    > > > local login only.
    > > >
    > > > Geir Råness
    > > > PulZ efnet
    > >
    > >
    > > --
    > > R
    > >
    > >
    > > To Unsubscribe: send mail to majordomoFreeBSD.org
    > > with "unsubscribe freebsd-security" in the body of the message
    > >
    > >
    >
    >
    >
    > To Unsubscribe: send mail to majordomoFreeBSD.org
    > with "unsubscribe freebsd-security" in the body of the message

    To Unsubscribe: send mail to majordomoFreeBSD.org
    with "unsubscribe freebsd-security" in the body of the message

    To Unsubscribe: send mail to majordomoFreeBSD.org
    with "unsubscribe freebsd-security" in the body of the message