Re: Command history log for audit trail
You can run snoopy which will log all commands issued into auth.log

- Cheers, Peter

On 15.06.2006, at 22:08, [EMAIL PROTECTED] wrote:
> I need to set up an audit trail for all commands run on machines. I know that the auth.log records who logs in and when, and that each user's .bash_history has a history of their commands. But is there some other way to create a log for all commands run on a system?
Conclusion: Compromised system - still ok?
Wow you guys, thank you very much for all your input. I'll sit down with the manager and we'll discuss which route to take. My first instinct was to warm up those drives and get the tapes .. but I may want to find out more as you guys have suggested! (Thanks to Jeroen, Alvin and Roger)

The system is/was an absolutely unimportant backup-mx so I don't think we'll qualify for three-letter help :)

In any case .. it has been a very interesting Sunday indeed. I'll try to learn from my mistakes.

- Thank you very much, Peter
Re: Dsniff/mailsnarf
For all of us non-native speakers of English and living outside the USA, here's some info on the acronyms to follow the thread:

http://www.safetyfile.com/page/S/CTGY/HIPPA
http://www.gaarde.org/acronyms/?lookup=cya

Thanks Jose for that .. :)

And .. btw. if I ever were to send such information out .. I certainly would make sure that NO ONE could read that info plain text (insert your favorite encryption method here)

- Just my 2c
- Cheers, Peter
Re: aide, apt-get and remote management...
I would like to thank everybody for their great input. It was very useful to see your responses. I guess the recent rootings have made us all a little more careful.

Take care, Peter

--
Dipl.-Ing. Peter Burgstaller
Technical Director @ all information network services gmbh
email: [EMAIL PROTECTED]
phone: +43 662 452335
fax : +43 662 452335 90
Re: aide, apt-get and remote management...
Hi there,

I'm trying to use aide now as well .. but with the default Debian config .. it produces every day massive changes .. especially to the /var/log/* files due to logrotate. Any reasonable settings that account for that? Any advice would be greatly appreciated.

- Cheers, Peter

--
Dipl.-Ing. Peter Burgstaller
Technical Director @ all information network services gmbh
email: [EMAIL PROTECTED]
phone: +43 662 452335
fax : +43 662 452335 90
Re: kernel-source 2.4.20 + grsecurity + freeswan
Hi there,

I have Debian (stable) with a stock kernel from kernel.org (2.4.20) with FreeSwan 1.99 and grsecurity 1.99h. Worked without a problem so far. The order of patches was first FreeSwan, then grsec, if that makes any difference...

Good luck, Peter

--
Dipl.-Ing. Peter Burgstaller
Technical Director @ all information network services gmbh
email: [EMAIL PROTECTED]
phone: +43 662 452335
fax : +43 662 452335 90