
RE: AW: [suse-security] Log/Audit all user commands



It's OK that he plays with the network. I am using two nets and the
one he's using isn't important. This can help me to see what he is
trying to do, what a hacker does, etc. and, more importantly, how to act and
correct. So, this is just a "demo" for me. It's real, but I can see that
as a demo. So, if you want to help and participate (I give you all the
info he is doing)... Thanks again,

Ricardo



-----Original Message-----
From: Eduard Avetisyan [mailto:dich_ed@xxxxxxxxx] 
Sent: Friday, 30 May 2003 06:34
To: Ricardo Toma; Ulrich Roth; suse-security@xxxxxxxx
Subject: Re: AW: [suse-security] Log/Audit all user commands


Dear friends,

I followed this discussion a little bit, and here's my 2 cents:

bash_history logs only commands one typed in bash. What if he changes to
tcsh or whatever else? "Whatever else" includes also graphical helpers,
like konqueror or nautilus that give you a lot of freedom to run or
modify any files, while you can't log any actions... and tty sniffer
won't help either. 

I agree with the statement that you don't have to let any intruder play
with your machine, since it may well be that he HAS already installed
sniffers (tty or network) and stuff like that, so any action you take
now will be well known to him. So better really unplug the network, shut
off the machine, boot from CD (if you'd like to trace back changes he
made to your system), and reinstall...

Good luck,
          Eduard


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

