[clug] bash history > syslog working :)
steve jenkin
sjenkin at canb.auug.org.au
Tue Aug 5 12:51:50 GMT 2008
Daniel Pittman wrote on 5/8/08 10:27 AM:
> "Ron Trujillo" <ron.trujillo at critrade.com> writes:
> Yes: is it your intention that this information is captured for
> security, auditing or some other purpose where it actually /matters/
> that the user can prevent it being logged?
>
> If that is the case then you need to think again: this is absolutely not
> suitable. (For example, the user could remove the settings from bash,
> which would have the same effect without changing shells.)
>
> If you /really/ need to see each command run consider using some sort of
> appropriate tool. Otherwise, simply accept that many commands will
> never be visible to your remote logging.
>
> Regards,
> Daniel
What will absolutely work is a modified terminal server...
Everything in & out can be captured & timestamped, checksummed and
securely logged off-net.
Can't be tampered with - out of band (not on the system under control).
i.e. nobody can log directly into one of these controlled hosts, only
via your controlled access device, which I wouldn't give a visible IP
number... [there are some nice security appliances that scan packets
this way. They have 2 ethernet ports and even figure out for themselves
what is the 'hot side' and which isn't.]
Obviously this scheme only works with text-mode connections.
Remote Desktops & X-11 protocol - no idea.
You may replace the serial connection with an IP protocol, but same
thinking applies.
For telnet, you could even create something like a transparent web-proxy.
SSH can't be captured this way (man-in-the-middle) unless you move the
host certificates to the n or tell people 'just get over it' when they
see the warning message.
What's your budget??
Is Build or Buy mandated?
=> these questions will drive your solution.
Cyclades terminal servers would be an absolutely perfect platform for
this. [perhaps they do it already]
Can't hurt to ask them.
The price of flash memory is low - logging to a local flash card would
be nice.
Members of this list include some very astute security mavens.
They will shoot me down if I'm wrong.
HTH
sj
--
Steve Jenkin, Info Tech, Systems and Design Specialist.
0412 786 915 (+61 412 786 915)
PO Box 48, Kippax ACT 2615, AUSTRALIA
sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin
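
An added example (not part of the original post, and not code from any terminal-server product): a sketch of the "timestamped, checksummed" session log the message describes, using an HMAC-SHA-256 chain so that an edited or removed record is detectable on verification. The record layout, the key and the sample session are assumptions constructed for illustration.

```python
import hashlib, hmac, json

GENESIS = "0" * 64  # chain seed used as "previous MAC" for the first record

def append_record(log, key, ts, direction, data):
    """Append one captured chunk; its MAC also covers the previous record's MAC."""
    prev = log[-1]["mac"] if log else GENESIS
    body = {"seq": len(log), "ts": ts, "dir": direction, "data": data.hex()}
    msg = prev.encode() + json.dumps(body, sort_keys=True).encode()
    body["mac"] = hmac.new(key, msg, hashlib.sha256).hexdigest()
    log.append(body)
    return body

def verify_log(log, key):
    """Return the index of the first bad record, or -1 if the chain is intact."""
    prev = GENESIS
    for i, rec in enumerate(log):
        body = {k: rec[k] for k in ("seq", "ts", "dir", "data")}
        if body["seq"] != i:  # a gap means a record was removed or reordered
            return i
        msg = prev.encode() + json.dumps(body, sort_keys=True).encode()
        expect = hmac.new(key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expect, rec["mac"]):
            return i
        prev = rec["mac"]
    return -1

def demo():
    key = b"constructed-demo-key"  # assumption: held only on the capture device
    log = []
    # Constructed sample session: (timestamp, direction, bytes on the wire)
    session = [
        (1217940710.0, "in", b"ls -l /etc\r"),
        (1217940710.2, "out", b"total 1024\r\n"),
        (1217940715.5, "in", b"rm /var/log/messages\r"),
    ]
    for ts, direction, data in session:
        append_record(log, key, ts, direction, data)
    intact = verify_log(log, key)
    tampered = [dict(r) for r in log]
    tampered[2]["data"] = b"ls\r".hex()   # edit a record after the fact
    deleted = log[:1] + log[2:]           # drop a record from the middle
    return intact, verify_log(tampered, key), verify_log(deleted, key)

if __name__ == "__main__":
    print(demo())
```

The chain alone does not reveal truncation of the newest records; the latest sequence number or MAC has to be recorded somewhere off the capture device as well.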