[plug] Community H at X0Rs

Christian christian at amnet.net.au
Tue Aug 22 12:40:18 WST 2000


On Tue, Aug 22, 2000 at 12:44:08PM +0000, Lee Sanders wrote:
> > Ok, who sent .bash_history --> /dev/null??
> 
> If you wished to prevent such a thing then you should hack bash such that
> it syslogs as well.

Yeah, that works until they 'exec /bin/tcsh' or install their own custom
shell and run that.  Plus, it sounds like a good way to fill up the
system logs very quickly if someone wants to.  Basically a bad idea all
round.  If you want to do this stuff then it needs to be done in the
kernel (like, surprise, surprise, the current accounting setup in Linux)
but even then, multi-megabyte logs of every process
executed are of questionable value.  For example, C2 audit is mostly a
waste of time.
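
The point about kernel-level accounting, as an added example that is not part of the original post: a reader for Linux process accounting records, showing that commands run after an 'exec /bin/tcsh' are still logged and how the record volume adds up per user. It assumes the `acct_v3` layout from `<linux/acct.h>` on a little-endian machine (a later format than the one in use when this message was written); the function names and the sample records are constructed for illustration.

```python
import struct

# struct acct_v3 from <linux/acct.h>: 64 bytes, assumed little-endian here.
ACCT_V3 = struct.Struct("<BBHIIIIIIf8H16s")
AFORK = 0x01  # ac_flag bit: process forked but never called exec

def parse_acct(blob):
    """Yield a dict for every acct_v3 record in a raw accounting file."""
    if len(blob) % ACCT_V3.size:
        raise ValueError("accounting data is not a whole number of records")
    for off in range(0, len(blob), ACCT_V3.size):
        f = ACCT_V3.unpack_from(blob, off)
        if f[1] != 3:
            raise ValueError("not an acct_v3 record at offset %d" % off)
        comm = f[18].split(b"\0", 1)[0].decode("ascii", "replace")
        yield {"flag": f[0], "uid": f[4], "pid": f[6], "ppid": f[7],
               "btime": f[8], "comm": comm}

def executed_by(blob, uid):
    """Commands a uid actually exec'd, in the order the kernel logged them."""
    return [(r["pid"], r["ppid"], r["comm"]) for r in parse_acct(blob)
            if r["uid"] == uid and not r["flag"] & AFORK]

def record_volume(blob):
    """Records and bytes per uid: a rough view of how fast the log grows."""
    counts = {}
    for r in parse_acct(blob):
        counts[r["uid"]] = counts.get(r["uid"], 0) + 1
    return {uid: (n, n * ACCT_V3.size) for uid, n in counts.items()}

def sample_record(uid, pid, ppid, comm, flag=0):
    """Pack one constructed record; every value is made up for the example."""
    return ACCT_V3.pack(flag, 3, 0, 0, uid, uid, pid, ppid,
                        966919218, 0.5, *([0] * 8), comm.encode())

# Constructed session: login shell (pid 500) ran 'exec /bin/tcsh', then the
# user ran ls and cat from tcsh. Records are written as each process exits.
SAMPLE = b"".join([
    sample_record(1000, 501, 500, "ls"),
    sample_record(1000, 502, 500, "cat"),
    sample_record(1000, 500, 499, "tcsh"),
    sample_record(0, 510, 1, "crond", flag=AFORK),
])

if __name__ == "__main__":
    for pid, ppid, comm in executed_by(SAMPLE, 1000):
        print(pid, ppid, comm)
    print(record_volume(SAMPLE))
```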


