Re: User Monitoring
On Tue, 6 Feb 2007 14:09:55 +0800
David Schulz [EMAIL PROTECTED] wrote:
Hello all,
i would like to provide a SSH Login for selected people on a
dedicated Machine, to be a little bit of a playground to some who
dont have any Unix experience and so on.
Without a doubt i will get the one or the other trying to do
something nasty to the Box, so my question is how to keep track of
what Users are doing? Using process accounting as described http://
www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security-
accounting.html in the handbook?
Can you share some easy to implement tricks to keep the worst from
happening to my Machine?
Hello :)
I think you really have 2 issues :
1) how to prevent them breaking havoc on your machine.
2) how to know what they are doing.
2) : answered on the other posts.
1) normal users shouldn't have access to break many things (nothing system
related actually)..but, since paranoid we must be, why not just install a jail
(or set of jails if you want to provide for maximum separation) and give them
access to the jails ? They'll be able to do most stuff a newbie would do (and
an advanced user too :) ) , and u can even give them root in the jail :).
Best,
_
{Beto|Norberto|Numard} Meijome
What you are afraid to do is a clear indicator of the next thing you need to do.
I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: User Monitoring
In response to David Schulz [EMAIL PROTECTED]: Hello all, i would like to provide a SSH Login for selected people on a dedicated Machine, to be a little bit of a playground to some who dont have any Unix experience and so on. Without a doubt i will get the one or the other trying to do something nasty to the Box, so my question is how to keep track of what Users are doing? Using process accounting as described http:// www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security- accounting.html in the handbook? Can you share some easy to implement tricks to keep the worst from happening to my Machine? Have a look at security/sudosh ... it won't prevent anything, but it will allow you to monitor what folks do. -- Bill Moran Collaborative Fusion Inc. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: User Monitoring
On Tue, Feb 06, 2007 at 02:09:55PM +0800, David Schulz wrote: Without a doubt i will get the one or the other trying to do something nasty to the Box, so my question is how to keep track of what Users are doing? Using process accounting as described http:// www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security- accounting.html in the handbook? Can you share some easy to implement tricks to keep the worst from happening to my Machine? See the man page for WATCH(8), watch -- snoop on another tty line -- Kelly D. Grills [EMAIL PROTECTED] pgpaXr6MzmShj.pgp Description: PGP signature
Re: User Monitoring
On Tue, Feb 06, 2007 at 06:31:40PM -0600, Kelly D. Grills wrote: On Tue, Feb 06, 2007 at 02:09:55PM +0800, David Schulz wrote: Without a doubt i will get the one or the other trying to do something nasty to the Box, so my question is how to keep track of what Users are doing? Using process accounting as described http:// www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security- accounting.html in the handbook? Can you share some easy to implement tricks to keep the worst from happening to my Machine? See the man page for WATCH(8), watch -- snoop on another tty line And be sure to let your users know that you are keeping track of them. Sorry for the multi-reply, fingers got ahead of brain. -- Kelly D. Grills [EMAIL PROTECTED] pgpuoDabjsSAC.pgp Description: PGP signature
User Monitoring
Hello all, i would like to provide a SSH Login for selected people on a dedicated Machine, to be a little bit of a playground to some who dont have any Unix experience and so on. Without a doubt i will get the one or the other trying to do something nasty to the Box, so my question is how to keep track of what Users are doing? Using process accounting as described http:// www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security- accounting.html in the handbook? Can you share some easy to implement tricks to keep the worst from happening to my Machine? Thanks, David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
