Potential Patch

Phil Dibowitz phil at usc.edu
Tue Jul 27 11:50:14 EST 2004


On Tue, Jul 27, 2004 at 11:11:15AM +1000, Darren Tucker wrote:
> Phil Dibowitz wrote:
> >On Sat, Jul 24, 2004 at 05:56:25PM +0200, Sergio Gelato wrote:
> >>Do you also log all input to the command? If not, what does this extra
> >>logging buy you over ordinary process accounting?
> >
> >Yes. That's all in the 'cmd' variable which is logged.
> 
> And if someone does, eg,
> echo "(cd /tmp; ls)" | ssh yourserver /bin/sh

Then the security folks would see 'sh' and go to the pacct or auditd logs.

It's not foolproof, but they find it makes their jobs easier; it's more often
they can look in only one place, I guess.

I don't do security auditing, I just added the feature they requested.


-- 
Phil Dibowitz
Systems Architect and Administrator
Enterprise Infrastructure / ISD / USC
UCC 174 - 213-821-5427
