JP Vossen on 13 Aug 2009 13:58:40 -0700
> Date: Thu, 13 Aug 2009 16:24:25 -0400
> From: Paul DiSciascio <thenut@bytemonkey.net>
>
> The only way to really enforce logging of user activities is to use
> some sort of restricted shell that enforces shell history and prevents
> the user from modifying their profile/environment.

But that is almost impossible to fully achieve. Will you allow use of vi? Bang, there's an escape hatch. And don't even get me started on Emacs. :-)

> Your other option is to enable system auditing, which will allow you
> to be a lot more granular with respect to what you log, but may be
> overkill (or underkill) depending on what you're looking for.

It also probably won't capture much user activity (i.e., keystrokes and such).

The only way you can *almost* guarantee capturing all user activity is to modify the kernel to do so. There have been extensive technical discussions of why this is so on various HoneyPot/HoneyNet forums, since the goal of those projects is to allow machines to be cracked, then see what the bad guys do. So those guys have put a lot of thought and effort into the problem of user monitoring/logging. If you really care, that's where the answers are. But there are no trivial ways to do it well, esp. against moderately technical and/or malicious users.

Later,
JP
----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|      http://bashcookbook.com/
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug