[Gllug] Shutdown Stopped
Stig Brautaset
stigbrau at start.no
Sat Oct 19 15:23:00 UTC 2002
On Oct 19 2002, Dean wrote:
> ---- Original Message -----
> From: "Walid Shaari" <walid at melinux.com>
> > > retrieve them from $UID but it's handled by a process that really is root
> > > (Doh! Should have realised that) so that fails.
>
> > I have read somewhere that the honeynet project uses a customized bash
> > to enable key logging, it is an overkill but it is one of the host
> > security audit tools
>
> Last time I looked at the honeynet project they had a nice little
> arrangement where all bash commands were sent out via syslog to a hardened
> syslog server as well as being locally logged so they had an off the box
> record.
>
> In this case I'll agree that it's overkill. I'll just have to parse some
> logs and work out who did it whenever it happens.
To get an approximation, you can run `w'. The person with zero idle time
(or, the shortest) is likely to be the culprit. It's the best my rather
limited knowledge of sysadmining can come up with...
Stig
--
brautaset.org
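
The `w` idle-time check suggested above, as an added example that is not part of the original post: a shell function that ranks logged-in sessions by idle time. It assumes the procps `w -h` column layout (USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT); the function names and the sample sessions are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes procps `w -h` columns:
# USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT  (IDLE is field 5).

# Read `w -h` lines on stdin; print "user tty idle_seconds", least idle first.
rank_by_idle() {
    awk '
    # procps prints idle as "12.34s", "3:21" (min:sec), "1:05m" (hr:min) or "2days".
    function idle_secs(f,   p) {
        if (f ~ /days$/) { sub(/days$/, "", f); return f * 86400 }
        if (f ~ /m$/)    { sub(/m$/, "", f); split(f, p, ":"); return p[1] * 3600 + p[2] * 60 }
        if (f ~ /s$/)    { sub(/s$/, "", f); return int(f) }
        if (f ~ /:/)     { split(f, p, ":"); return p[1] * 60 + p[2] }
        return -1        # unrecognised format: skip the line rather than guess
    }
    NF >= 5 { s = idle_secs($5); if (s >= 0) print $1, $2, s }
    ' | sort -k3,3n
}

# Print only the user name of the least-idle session.
likely_culprit() {
    rank_by_idle | head -n 1 | cut -d" " -f1
}

# Constructed sample of `w -h` output (users and addresses are made up).
sample_w() {
    cat <<'EOF'
alice    pts/0    10.0.0.5         14:02    3:21   0.10s  0.02s -bash
bob      pts/1    10.0.0.7         15:20    0.00s  0.05s  0.01s w
carol    pts/2    10.0.0.9         09:11    1:05m  0.30s  0.30s vim notes
root     tty1     -                Thu10    2days  0.01s  0.01s -bash
EOF
}

# On a live system: w -h | rank_by_idle
sample_w | rank_by_idle
```

IDLE reflects the last input on each terminal, so the ranking only narrows down who was active at the moment `w` was run.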
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug