[olug] Sharing root priv, tracking what other root does
Thomas D. Harrison
id4spam at cox.net
Mon Dec 15 04:17:31 UTC 2003
Remember, it isn't that the person is untrustworthy, only likely to make
some kind of error. It seems unlikely that he would resort to being
"sneaky" everytime he started typing commands in.
Where else can you enter commands from?
vi , more , less, sqlplus, webmin
(?) elm, pine, emacs, (?)
It would be a pretty useful list to have laying around.
Thom
Daniel Linder wrote:
> Dave Walker:
>
>>I patch bash to log every command to syslog and then have it syslog across
>>the network. Especially nice for machines you don't log into very often.
>>
>>If they're trying to be sneaky they can run a different shell but at least
>>the evidence that they are trying to be sneaky will be there.
>
>
> Just to play havoc with Daves security measures, but if the untrustworthy
> root user uses "vi" (well, vim on most Linux systems), they can then type
> in ":!/bin/sh" and go out to another shell...
>
> I like Daves aproach, but sadly it shows that for every step forward there
> is a step back... :(
>
> Dan
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
>
More information about the OLUG
mailing list