|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: AW: [suse-security] Log/Audit all user commands
From: Ricardo Toma (rtoma
yahoo.com.ar)
Date: Wed May 28 2003 - 09:16:56 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Thanks for your answer. Well, it's a good idea, but I
think it's too easey to discover it, delete or modify
the file...
--- Ulrich Roth <Rothimpact.de> escribió: > Hi
Ricardo,
>
> > Hi, I am having a little problem I need to solve
> > quickly. I have one intruder (long to explain now)
> > which edited the passwd file and set his user with
> 0
> > id (as root). I don't want to block him. I want to
> log
> > all his actions, moves, commands, etc. How can I
> do
> > that?
> If he didn't disable it or uses another shell, you
> can
> have a look at his ~/.bash_history.
> Bye
> Uli
> --
> Ulrich Roth
> IMPACT Business & Technology Consulting GmbH
> Im Mediapark 8 / KölnTurm
> D-50670 Koeln
> Phone +49-221-93 70 80-29
> Fax +49-221-93 70 80-15
> E-Mail: rothimpact.de
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail:
> suse-security-helpsuse.com
> Security-related bug reports go to securitysuse.de,
> not here
>
------------
Internet GRATIS es Yahoo! Conexión
4004-1010 desde Buenos Aires. Usuario: yahoo; contraseña: yahoo
Más ciudades: http://conexion.yahoo.com.ar
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]