[olug] Sharing root priv, tracking what other root does

Daniel Linder dan at linder.org
Mon Dec 15 03:22:58 UTC 2003


Dave Walker:
> I patch bash to log every command to syslog and then have it syslog across
> the network.  Especially nice for machines you don't log into very often.
>
> If they're trying to be sneaky they can run a different shell but at least
> the evidence that they are trying to be sneaky will be there.

Just to play havoc with Daves security measures, but if the untrustworthy
root user uses "vi" (well, vim on most Linux systems), they can then type
in ":!/bin/sh" and go out to another shell...

I like Daves aproach, but sadly it shows that for every step forward there
is a step back... :(

Dan


More information about the OLUG mailing list