User Monitoring

[Norberto Meijome]

On Tue, 6 Feb 2007 14:09:55 +0800
David Schulz <mailinglists at tca-cable-connector.com> wrote:

> Hello all,
> 
> i would like to provide a SSH Login for selected people on a  
> dedicated Machine, to be a little bit of a playground to some who  
> dont have any Unix experience and so on.
> 
> Without a doubt i will get the one or the other trying to do  
> something nasty to the Box, so my question is how to keep track of  
> what Users are doing? Using process accounting as described http:// 
> www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security- 
> accounting.html in the handbook?
> 
> Can you share some easy to implement tricks to keep the worst from  
> happening to my Machine?

Hello :)
I think you really have 2 issues : 
1) how to prevent them breaking havoc on your machine.
2) how to know what they are doing.

2) : answered on the other posts.

1) normal users shouldn't have access to break many things (nothing system
related actually)..but, since paranoid we must be, why not just install a jail
(or set of jails if you want to provide for maximum separation) and give them
access to the jails ? They'll be able to do most stuff a newbie would do (and
an advanced user too :) ) , and u can even give them root in the jail :).

Best,


_________________________
{Beto|Norberto|Numard} Meijome

What you are afraid to do is a clear indicator of the next thing you need to do.

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.