lastcomm

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Rafi Sadowsky: "Re: Unix command-line _arguement_ signatures"
• Previous message: tlunt@ARPA.MIL: "Re: ANN for ids"
• Next in thread: G_P_Brefini%mbcorp1@MBMGATE1.mitre.org: "Re: lastcomm"

Pascal was discussing command-line auditing...

this is almost keystroke monitoring; if you're going to go to that length,
y'might as well shovel everyone through a shell shim that sets up a pair
of PTYs and logs all the characters that the user stuffs through it.

There have been times, though, when I've REALLY wanted more information than
what "lastcomm" gives us [if it gives us anything at all].

I remember an occasion when I wound up using that old TIOCSTI program to bang
"history > /tmp/xxx" into an intruder's [?] input buffer, just so I could see
what he'd been doing all that time.  It worked, and then someone pointed out
that the machine in question had "gcore", which wouldn't have clued the guy in
that I was on to him...

_H*

• Next message: Rafi Sadowsky: "Re: Unix command-line _arguement_ signatures"
• Previous message: tlunt@ARPA.MIL: "Re: ANN for ids"
• Next in thread: G_P_Brefini%mbcorp1@MBMGATE1.mitre.org: "Re: lastcomm"