[SunHELP] Root Passwd
Kovalev, Ivan
sunhelp at sunhelp.org
Fri Jun 22 11:40:36 CDT 2001
Since script works in a subshell, when the user types "exit" it brings him/her to a
regular (not logged) shell. Also, the start/stop of scripting notification
along with the log file location go to the user's screen. If you try to redirect
the output somewhere else, the user session will hang.
Ivan
-----Original Message-----
From: Lund, Dennis [mailto:Dennis.Lund at sciatl.com]
Sent: Friday, June 22, 2001 10:56 AM
To: 'sunhelp at sunhelp.org'
Subject: RE: [SunHELP] Root Passwd
One way to find out what the user is up to would be to write a script like
this:
#!/bin/ksh
#
# This script is intended to log user command line activities.
# It will start the "script" command when a user opens a command terminal
# or xterm and log all commands that are typed in that window.
#
DATE=`date '+%m%d%y%H%M%n'`
UACCNT=`who -m | awk '{print $1}'`
PORTNUM=`who -m | awk '{print $2}' | cut -c1,2,3,5,6`
print $PORTNUM
# who -m prints only this session's line; match it on the account name
FRHOST=`who -m | grep -v grep | grep "$UACCNT" | cut -c39-59 | sed 's/)//'`
LOG1=/var/adm/.script_log
print "Log in from:" > $LOG1/$UACCNT.$PORTNUM.$FRHOST.$DATE
/usr/bin/who -m >> $LOG1/$UACCNT.$PORTNUM.$FRHOST.$DATE
print "\n" >> $LOG1/$UACCNT.$PORTNUM.$FRHOST.$DATE
/usr/bin/script -a $LOG1/$UACCNT.$PORTNUM.$FRHOST.$DATE
Add a line to the end of the user's .profile and the script will log
everything the user does to the log file. Try to hide the log file to make
it more difficult for the user to find it. You can even have it log to a
remote machine.
You can modify this script to alert you as soon as the user logs in so you
can tail the log file if you wish.
Dennis L. Lund
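Ivan's observation at the top of the thread (typing "exit" inside script leaves the user in an unlogged shell) and the fixed-column `who -m` parsing in the script above can both be handled as sketched here. This is an added example, not code from the thread; `session_log_name`, `start_logged_session`, the `SESSION_LOGGED` guard variable and the sample `who -m` lines used to check it are assumptions of the example.

```shell
# Added example for ksh or any POSIX shell; not code from the thread.
# LOGDIR matches the script above; SESSION_LOGGED is a hypothetical guard variable.
LOGDIR=${LOGDIR:-/var/adm/.script_log}

# Build the log file name from one line of `who -m` output and a timestamp.
# Fields are split on whitespace instead of fixed columns, and every character
# outside [A-Za-z0-9._-] becomes "_" so the tty ("pts/3") or the remote host
# string can never add a path separator to the file name.
session_log_name() {
    who_line=$1
    stamp=$2
    set -f                 # no filename expansion while splitting
    set -- $who_line
    set +f
    user=$1
    tty=$2
    host=local             # used when who prints no "(host)" field
    for field in "$@"; do
        case $field in
            \(*\)) host=${field#\(}; host=${host%\)} ;;
        esac
    done
    printf '%s.%s.%s.%s\n' "$user" "$tty" "$host" "$stamp" |
        sed 's/[^A-Za-z0-9._-]/_/g'
}

# Call this as the last line of the user's .profile.
start_logged_session() {
    # script starts a new shell; the guard stops nesting if that shell
    # reads this file again.
    [ -n "${SESSION_LOGGED:-}" ] && return 0
    SESSION_LOGGED=1
    export SESSION_LOGGED
    log=$LOGDIR/$(session_log_name "$(who -m)" "$(date '+%m%d%y%H%M')")
    # exec replaces the login shell with script, so typing "exit" ends the
    # whole session instead of returning to an unlogged shell.
    exec /usr/bin/script -a "$log"
}
```

Because of the `exec`, a failure to start script (for example an unwritable log directory) ends the login, so test it on a non-critical account first.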
-----Original Message-----
From: Lund, Dennis [mailto:Dennis.Lund at sciatl.com]
Sent: Friday, June 22, 2001 8:58 AM
To: 'sunhelp at sunhelp.org'
Subject: RE: [SunHELP] Root Passwd
I would have to agree with this 100%. If the person is not
cooperating, take it to management. A breach of security like
this is totally unacceptable.
Dennis L. Lund
-----Original Message-----
From: Przyjazny, Martin [mailto:martin.przyjazny at eds.com]
Sent: 21 June 2001 14:11
To: 'sunhelp at sunhelp.org'
Subject: RE: [SunHELP] Root Passwd
Or instead of perpetuating the non-cooperative spirit,
talk to him frankly, and involve management.
The sysadmin IS management.
From a sysadmin point of view there are limits to what a user is and isn't
allowed to do.
DIY privilege elevation is strictly on the "DO NOT" list. The user has
already proved to be uncooperative by not handing over the script/binary.
In most organisations such behaviour warrants disciplinary action. If one of
your users compromises a system that you run what would your reaction be? A
polite, "please don't do that", isn't what's in the books. I think most
admins would use, "You're fired!"
I may sound harsh but I don't think I'm being unreasonable.
MetaPack
The Lightwell
12/16 Laystall Street
Clerkenwell
London EC1R 4PF
Tel: +44 (0) 20 7843 6720
Fax: +44 (0) 20 7843 6721