[olug] Sharing root priv, tracking what other root does

David Walker linux_user at grax.com
Mon Dec 15 12:16:28 UTC 2003


Good point.  Even if you removed all other shells they could still issue 
commands directly using that method.  (although if bash is patched then 
/bin/sh, a symlink to bash on my system, should log also)

I'm glad I don't have any untrustworthy root users to deal with.

On Sunday 14 December 2003 09:22 pm, Daniel Linder wrote:
> Dave Walker:
> > I patch bash to log every command to syslog and then have it syslog
> > across the network.  Especially nice for machines you don't log into very
> > often.
> >
> > If they're trying to be sneaky they can run a different shell but at
> > least the evidence that they are trying to be sneaky will be there.
>
> Just to play havoc with Dave's security measures, but if the untrustworthy
> root user uses "vi" (well, vim on most Linux systems), they can then type
> in ":!/bin/sh" and go out to another shell...
>
> I like Dave's approach, but sadly it shows that for every step forward there
> is a step back... :(
>
> Dan
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
