Yeah, I wasn't wanting to do that, but....desperate times...
I came accross BASHA (BASH For Audit) at freshmeat, I will try this first.
Dunno how I missed it on previous turns, hmmm. So it is...
For those interested, I have tried rootsh slipped into /etc/shells and
/etc/passwd; worked perfectly except for incoming scp, throws an error,
which basically screams to the user "keylogger on ya!" lol. Though it is
mentioned in motd "advanced logging features ;)" lol
also tried,
Vlogger from thc.org is for 2.4 kernels, so that one wasn't an option ;(
ttyrec isn't silent, and snoopy throws compile time errors I wasn't able to
get around...
okay, basha || patch bash (config.h 1st)
any other idears?
--eddie
>From: bryanm@acsalaska.net
>Reply-To: bryanm@acsalaska.net
>To: aklug@aklug.org
>Subject: Re: turning off history -c
>Date: Wed, 23 Nov 2005 06:51:34 -0900
>
>On Wed, Nov 23, 2005 at 02:29:08AM -0900, captgoodnight captgoodnight
><captgoodnight@hotmail.com> wrote:
> >
> > The last gotcha that i can see is the history -c, grrrr, can't wrap it
>cause
> > of builtin...
> >
> > ideas? any other methods? The reason I'm doing this is because of a
> > "certain" user ;)
>
>Easy -- patch bash. :)
>
>--
>Bryan Medsker
>bryanm@acsalaska.net
>
>---------
>To unsubscribe, send email to <aklug-request@aklug.org>
>with 'unsubscribe' in the message body.
>
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Wed Nov 23 12:01:10 2005
This archive was generated by hypermail 2.1.8 : Wed Nov 23 2005 - 12:01:10 AKST