[ale] User Monitor
Greg Sabino Mullane
greg at turnstep.com
Wed Oct 3 10:34:23 EDT 2001
> All of these suggestions to use .bash_history would be
> useful, but there is a problem. There isn't one being
> generated. Any idea why not?

Keep in mind that the .bash_history is writeable by the
user, so they are free to erase it or even selectively
modify all they want. On some systems I log into,
I don't want a bash_history at all, so I just issue a:

    ln -s /dev/null ~/.bash_history

(there are certainly other ways to stop the logging, but this
one wins for style, IMO)

There are lots of other ways to monitor someone's connection.
Looking at the .bash_history file will only catch the most
naive, non-malicious users. Ones that know what they are doing
will simply erase it. Ones that *really* know what they are
doing will generate a false one. Other ways to monitor
range from low-level network/kernel monitoring, to writing
scripts that monitor 'ps' output, to scripts that check for
unusual entries such as directories named "...", etc. Paranoia
is usually a good trait for a system admin, of course, but
the usual system permissions will keep out most people.

Greg Sabino Mullane
greg at turnstep.com
PGP Key: 0x14964AC8 200110032231
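
The checks described in the message above, as an added example that is not part of the original post: a POSIX shell audit that flags a .bash_history that is a symlink, missing or empty, and directories named "..." or similar. The function names, the output labels and the extra dot-and-space name patterns are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit home directories for signs that shell history
# is not being recorded, and for oddly named directories.
# Usage (after sourcing this file): audit_homes /home

# check_history FILE
# Prints one finding line, or nothing when the file looks ordinary.
# An ordinary-looking file proves nothing: the user can rewrite it.
check_history() {
    hist=$1
    if [ -L "$hist" ]; then
        # e.g. ln -s /dev/null ~/.bash_history discards every write
        echo "SYMLINK $hist -> $(readlink "$hist")"
    elif [ ! -e "$hist" ]; then
        echo "MISSING $hist"
    elif [ ! -s "$hist" ]; then
        echo "EMPTY $hist"
    fi
}

# find_dot_dirs DIR
# Lists directories whose names start with "..." or pair a dot with a
# space (the second and third patterns are this example's assumption
# about what "unusual entries" covers).
find_dot_dirs() {
    find "$1" -xdev -type d \
        \( -name '...*' -o -name '.. *' -o -name '. *' \) \
        2>/dev/null | sed 's/^/ODDDIR /'
}

# audit_homes BASE
# Runs both checks over every directory directly under BASE.
audit_homes() {
    base=$1
    for home in "$base"/*/; do
        [ -d "$home" ] || continue
        home=${home%/}
        check_history "$home/.bash_history"
        find_dot_dirs "$home"
    done
}
```
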