Security Basics mailing list archives
Re:login session transcript
From: "Ghaith Nasrawi" <libero () aucegypt edu>
Date: Wed, 29 Sep 2004 17:44:39 +0000
It will be hard to tap the wire and dump the traffic on a second machine if you will be giving them an SSH account since the entire sessions would be encrypted. However, if you'd go for a telnet access, you can connect both machines to a hub, configure the second machine to sniff the traffic passively and keep the dumps for review. If you are still paranoid of the possibility of attacking the second machine, keep the wires that send traffic from vendor machine to the sniffing machine and cut the wires that send the traffic the other way around. for a host-based solution, I can't think of any in the moment, except if you are thinking of back-dooring your system! ---------- Initial Header -----------
From : "Jonathan C. Detert" detertj () msoe edu
To : security-basics () securityfocus com Cc : Date : Tue, 28 Sep 2004 09:55:47 -0500 Subject : login session transcript
Hello, I need to give a vendor shell access to a freeBSD system I run, and worse yet, I need to give them root access. I want to know everything the vendor does while logged in. I'm thinking of making the vendor's login shell be 'script -q -a <somefilename>' but : a) i don't want the vendor to be able to delete the logfile b) it would be nice if the vendor wouldn't know his activity was being logged Does anyone have a better suggestion for me than to use script? Does anyone have an idea how to address points a) and b) ? Thanks -- Happy Landings, Jon Detert IT Systems Administrator, Milwaukee School of Engineering 1025 N. Broadway, Milwaukee, Wisconsin 53202
Current thread:
- login session transcript Jonathan C. Detert (Sep 29)
- RE: login session transcript Alexandre Skyrme (Sep 30)
- Re: login session transcript Zachary Shay (Sep 30)
- Re: login session transcript Fabio Miranda Hamburger (Sep 30)
- Re: login session transcript xyberpix (Sep 30)
- Re: login session transcript Jonathan Loh (Sep 30)
- <Possible follow-ups>
- Re:login session transcript Ghaith Nasrawi (Sep 30)