[ale] User Monitor

Greg Sabino Mullane greg at turnstep.com
Wed Oct 3 10:34:23 EDT 2001



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> All of these suggestions to use .bash_history would be
> useful, but there is a problem. There isn't one being
> generated. Any idea why not? 

Keep in mind that the .bash_history is writeable by the 
user, so they are free to erase it or even selectively 
modify all they want. On some systems I log into, 
I don't want a bash_history at all, so I just issue a:

ln -s /dev/null ~/.bash_history

(there are certainly other ways to stop the logging, but this 
one wins for style, IMO)

There are lots of other ways to monitor someone's connection. 
Looking at the .bash_history file will only catch the most 
naive, non-malicious users. Ones that know what they are doing 
will simply erase it. Ones that *really* know what they are 
doing will generate a false one. Other ways to monitor 
range from low-level network/kernel monitoring, to writing 
scripts that monitor 'ps' output, to scripts that check for 
unusual entries such as directories named "...", etc. Paranoia 
is usually a good trait for a system admin, of course, but 
the usual system permissions will keep out most people.

Greg Sabino Mullane
greg at turnstep.com
PGP Key: 0x14964AC8 200110032231

-----BEGIN PGP SIGNATURE-----
Comment: http://www.turnstep.com/pgp.html

iQA/AwUBO7sh17ybkGcUlkrIEQJKfwCfTGS05WrstGDTwRsCIo3Qi1+RXHMAoLUe
ktQZTgusbTmHYTGH9Xna21YM
=Ty6Y
-----END PGP SIGNATURE-----
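
Added example (not part of the original message): a POSIX sh script along the lines of the checks the message describes, flagging a .bash_history that is a symlink, missing or empty, and directories named "..." and similar. The function names, the report format and the extra name patterns (anything longer starting with "..", or names with leading or trailing spaces) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit home directories for the history tricks and odd
# directory names mentioned above. Patterns beyond "..." are assumptions.

# Classify one home directory's .bash_history.
history_status() {
    hist="$1/.bash_history"
    if [ -L "$hist" ]; then
        printf 'symlink:%s\n' "$(readlink "$hist")"   # e.g. symlink:/dev/null
    elif [ ! -e "$hist" ]; then
        echo missing
    elif [ ! -s "$hist" ]; then
        echo empty
    else
        echo present
    fi
}

# List directories named "..." (or anything longer starting with ".."),
# or whose name starts or ends with a space. Unreadable paths are skipped.
find_odd_dirs() {
    find "$1" -xdev -type d \
        \( -name '..?*' -o -name ' *' -o -name '* ' \) -print 2>/dev/null
}

# One report line per finding under BASE (default /home).
audit_homes() {
    for home in "${1:-/home}"/*/; do
        [ -d "$home" ] || continue
        home=${home%/}
        hstat=$(history_status "$home")
        [ "$hstat" = present ] || printf 'HISTORY %s %s\n' "$home" "$hstat"
        find_odd_dirs "$home" | while IFS= read -r d; do
            printf 'ODDDIR %s\n' "$d"
        done
    done
}

# Build a small constructed tree for trying the audit without touching /home.
make_sample() {
    mkdir -p "$1/alice" "$1/bob/src/..." "$1/carol"
    echo 'ls -l' > "$1/alice/.bash_history"
    ln -s /dev/null "$1/bob/.bash_history"
    : > "$1/carol/.bash_history"
}

if [ "$#" -ge 1 ]; then audit_homes "$1"; fi
```

A "present" result proves nothing about the file's contents, since the user can rewrite it at will. Run the audit as root so find can read every home directory.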





