On 6 Dec 2012, at 00:19, Tim Daneliuk <tun...@tundraware.com> wrote:

>      sudo chown root:wheel my_naughty_script
>      sudo chmod 700 my_naughty_script
>      sudo ./my_naughty_script
> 
>   The sudo log will note that I ran the script, but not what it did.
> 
> 

Wow, way to complicate matters.

sudo csh



> So Gentle Geniuses, is there prior art here that could be applied
> to give me full coverage logging of every action taken by any person or
> thing running with effective or actual root?
> 
> P.S. I do not believe

Now would be a good time to start, then.

The only things you need to ensure are:
- auditd cannot be killed off (this is an interesting bit actually; does 
anyone know how to do that?)
- the audit trail files can only be appended to; man chflags


An alternative would be lshell; however, you'll have to whitelist the 
commands people can execute.

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
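
The append-only requirement for the audit trail files mentioned in the reply can be checked mechanically. The following is an added example, not part of the original message: it parses `ls -lo` output for files that lack the `sappnd` flag and checks whether `kern.securelevel` stops root from clearing it. The sample listing, the `/var/audit` path in the comment and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the append-only protection of audit trail files.
# Input is `ls -lo` output (FreeBSD prints file flags in column 5).

# Print the name of every regular file whose flags lack sappnd.
missing_sappnd() {
    awk '
        $1 ~ /^-/ {                  # regular files only; skips "total" and dirs
            n = split($5, flags, ",")
            ok = 0
            for (i = 1; i <= n; i++)
                if (flags[i] == "sappnd") ok = 1
            if (!ok) print $NF       # uappnd does not count: the owner can clear it
        }'
}

# System flags such as sappnd can be cleared by root unless
# kern.securelevel is 1 or higher.
flags_enforced() {
    [ "$1" -ge 1 ]
}

# Constructed sample, shaped like `ls -lo /var/audit` on FreeBSD.
sample_listing() {
    cat <<'EOF'
total 96
-rw-r-----  1 root  audit  sappnd         40112 Dec  5 22:10 20121205200000.20121205221000
-rw-r-----  1 root  audit  -              18230 Dec  6 00:19 20121205221000.not_terminated
-rw-r-----  1 root  audit  nodump,uappnd    512 Dec  6 00:19 scratch.trail
EOF
}

# $1 = securelevel value; the listing is read from stdin.
report() {
    unprotected=$(missing_sappnd)
    [ -n "$unprotected" ] && printf 'not append-only: %s\n' $unprotected
    flags_enforced "$1" || echo "securelevel $1: root can clear sappnd with chflags"
}

# On a live host: ls -lo /var/audit | report "$(sysctl -n kern.securelevel)"
sample_listing | report -1
```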
