keystroke logging
richard childers / kg6hac
fscked at pacbell.net
Wed Jan 7 20:15:39 PST 2004
>
>
>What do you recommend for keeping track of user
>activities? For preserving bash histories I followed
>these recommendations:
>
>http://www.defcon1.org/secure-command.html
>
Interesting reading but, as others have noted, of limited use.

Keystroke logging can be disabled by - as others have noted - either
spawning another (perhaps different) shell, using a remote shell ... or,
for those embarrassing 'oops' moments, `kill -9 $$` works nicely. Try it
and see.

Daemonized Networking Services has produced a standalone server
configuration that uses a modified script(1) and .login to collect
keystroke logs; the target users are consultants, or companies, who
administer highly secure networking equipment via serial links or
command-line interfaces, and whose own business files, or customers -
banks, say, or government agencies - require logs of what they did - for
purposes of auditing, disaster recovery, and liability-related issues.

This method captures every keystroke - including typos before hitting
RETURN - and cannot be sabotaged. As an added advantage, the logs can be
immediately, or subsequently, forwarded via electronic mail, so that
they are replicated in multiple places.

We also have a network server configuration that incorporates everything
described above, as well as an encrypted filesystem; although the
encrypted filesystem is optional, and there are some unresolved issues
related to backing up the contents - as well as recovering them - your
entire home directory, including your personal startup files, is
incorporated into the encrypted filesystem. Pretty cool; add a GUI,
maybe an office suite, and we think we can give Windows 2000 a run for
their money - in some quarters, at least. (Angel VCs are welcome;
development isn't cheap, here in the Bay Area.)

I mention this as a shameless plug for our products, which are based on
FreeBSD, as well as pursuant to the topic at hand; incidentally, freely
dispensing intellectual property that took years to acquire, in
exchange. (Gotta stop that.)

(You folks all signed NDAs, right?)

(-;

Regards,

-- richard
--
Richard Childers / Senior Engineer
Daemonized Networking Services
945 Taraval Street, #105
San Francisco, CA 94116 USA
[011.]1.415.759.5571
https://www.daemonized.com
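
The message describes collecting session logs by starting script(1) from a login file. The sketch below is an added example, not part of the original message and not Daemonized Networking Services' configuration (which uses a modified script(1)); it assumes stock script(1) and an sh-style login file, and LOG_DIR, SESSION_RECORDED and the function names are hypothetical.

```sh
# Added example for a login file such as ~/.profile (sh or bash).
# LOG_DIR, SESSION_RECORDED and the function names are assumptions.
LOG_DIR="${LOG_DIR:-/var/log/sessions}"

# One log per session: user name, UTC timestamp and login-shell PID.
session_log_path() {
    printf '%s/%s.%s.%s.log\n' "$LOG_DIR" "${1:-$(id -un)}" \
        "$(date -u +%Y%m%dT%H%M%SZ)" "$$"
}

# Record only once per session and only on a terminal. If the child shell
# that script(1) starts also sources this file, the guard variable stops
# it from starting script(1) again.
should_record() {
    [ -z "${SESSION_RECORDED:-}" ] || return 1
    [ -t 0 ] || return 1
    [ -d "$LOG_DIR" ] && [ -w "$LOG_DIR" ] || return 1
    command -v script >/dev/null 2>&1
}

start_recording() {
    should_record || return 0
    log=$(session_log_path)
    SESSION_RECORDED=1
    export SESSION_RECORDED
    # exec replaces the login shell, so exiting the recorded shell logs out
    case "$(uname -s)" in
        FreeBSD) exec script -q -k "$log" "${SHELL:-/bin/sh}" ;;  # -k: log input keys too
        *)       exec script -q -f "$log" ;;                      # util-linux syntax
    esac
}

start_recording
```

Because the recorded account's own login file starts the recording in this sketch, the logs serve an audit only if they are also kept somewhere that account cannot alter, for example by forwarding them as the message describes.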