Re:login session transcript

["Ghaith Nasrawi" <libero () aucegypt edu>]

It will be hard to tap the wire and dump the traffic on a second
machine if you will be giving them an SSH account since the entire
sessions would be encrypted. However, if you'd go for a telnet access,
you can connect both machines to a hub, configure the second machine
to sniff the traffic passively and keep the dumps for review. If you
are still paranoid of the possibility of attacking the second machine,
keep the wires that send traffic from vendor machine to the sniffing
machine and cut the wires that send the traffic the other way around.

for a host-based solution, I can't think of any in the moment, except
if you are thinking of back-dooring your system!

---------- Initial Header -----------

> From      : "Jonathan C. Detert" detertj () msoe edu
To          : security-basics () securityfocus com
Cc          :
Date      : Tue, 28 Sep 2004 09:55:47 -0500
Subject : login session transcript

> Hello,
>
> I need to give a vendor shell access to a freeBSD system I run,
> and worse yet, I need to give them root access.
> I want to know everything the vendor does while logged in.
>
> I'm thinking of making the vendor's login shell be
>
>         'script -q -a <somefilename>'
>
> but :
>
> a) i don't want the vendor to be able to delete the logfile
>
> b) it would be nice if the vendor wouldn't know his activity was being
>    logged
>
> Does anyone have a better suggestion for me than to use script?
> Does anyone have an idea how to address points a) and b) ?
>
> Thanks
> --
> Happy Landings,
>
> Jon Detert
> IT Systems Administrator, Milwaukee School of Engineering
> 1025 N. Broadway, Milwaukee, Wisconsin 53202