Root access loggin
feargal at fbi.ie
Wed Jul 25 10:44:23 UTC 2007
> Exactly, I don't know what needs to be done, and they don't
> neither. That's why they need to browse around trying to
> figure out why their installer doesn't work.
> Sudo wouldn't be any help here cause I would need to pre
> approve commands and I don't know which one will be needed.
> Basically, I don't there there is a better solution then
> giving away the root password, but at least, I would like a
> log of what has been done.
> Naturally, I understand any log could be overwritten/modified
> since the person is root, but since I don't think Zend would
> make fun in hacking my server, the point in having the log is
> to undo anything I wouldn't approve ..
You may want to have a look at shells/tcsh-bofh - it installs a
patched tcsh shell in /usr/local/bin which logs all commands to
the USER syslog facility . Set both their user and root's shell
to that tcsh (or copy over the system tcsh) and you'll have a
log of all their commands, provided they don't run another
shell, something you'll just have to instruct them on. Tell them
you'll consider it trespassing if they use another shell.
As far as protecting logs, securelevels will offer some degree
of protection. If you set syslog to log user.* to a seperate
file, and then set the sappnd and sunlnk flags, then the file
can only be appended to. If you then raise your securelevel to
1, these flags can not be removed. If you're being that
paranoid, you'll want to set flags on syslog.conf as well, so
the facility can't be changed.
I haven't actually tried any of the above, so your mileage will
Feargal Reilly, Chief Techie, FBI.
PGP Key: 0xBD252C01 (expires: 2006-11-30)
Web: http://www.fbi.ie/ | Tel: +353.14988588 | Fax: +353.14988489
Communications House, 11 Sallymount Avenue, Ranelagh, Dublin 6.
More information about the freebsd-questions