Re: Session recording

2008-03-31 Thread Kenny Lussier
On Mon, Mar 31, 2008 at 12:46 AM, [EMAIL PROTECTED] wrote: Date: Sun, 30 Mar 2008 20:24:10 -0400 From: Kenny Lussier [EMAIL PROTECTED] The more I look into this, the more I am realizing that I will need to do more than just one thing. I will need to do something at either the

Re: Session recording

2008-03-31 Thread Kenny Lussier
On Mon, Mar 31, 2008 at 7:59 AM, Thomas Charron [EMAIL PROTECTED] wrote: But you'll have to make sure you only have one. Some scripts may call /usr/bin/bash, others, /usr/bin/sh, others, /usr/bin/ksh, etc.. Yes, we already do that. All shells are currently symlinks to /bin/bash. Thanks,

[GNHLUG] CentraLUG, 7-April-2008: Coleman Kane on FOSS on Win32

2008-03-31 Thread Ted Roche
The monthly meeting of CentraLUG, the Concord/Central NH GNHLUG chapter, happens the first Monday of most months at the New Hampshire Technical Institute's Library, room 146, at 7 PM. Next month's meeting is on April 7th at 7 PM. Directions and maps are available at http://www.centralug.org Open

Re: Session recording

2008-03-31 Thread Ben Scott
On Mon, Mar 31, 2008 at 12:00 PM, Bill McGonigle [EMAIL PROTECTED] wrote: I ran into this a while back when I was trying to come up with a billing system that would track my ssh sessions and didn't find a satisfying answer. script or sudosh would seem to fit the bill, there. Ken seems to

Re: Session recording

2008-03-31 Thread Paul Lussier
Kenny Lussier [EMAIL PROTECTED] writes: The control characters aren't the only reason that script doesn't work for us. Script will write out to a file, but the lines aren't time stamped, so it's impossible to know when a command was run. Also, the file would need to be writable by the user,

Re: Session recording

2008-03-31 Thread Tom Buskey
On Mon, Mar 31, 2008 at 1:03 PM, Paul Lussier [EMAIL PROTECTED] wrote: Kenny Lussier [EMAIL PROTECTED] writes: The control characters aren't the only reason that script doesn't work for us. Script will write out to a file, but the lines aren't time stamped, so it's impossible to know when

Re: Session recording

2008-03-31 Thread Kenny Lussier
On Mon, Mar 31, 2008 at 2:43 PM, Ben Scott [EMAIL PROTECTED] wrote: On Mon, Mar 31, 2008 at 1:16 PM, Tom Buskey [EMAIL PROTECTED] wrote: I concluded it was lots of work to provide security that was not auditable. Trying to achieve a secure audit trail using the usual Unix shells is (IMO)

Re: Session recording

2008-03-31 Thread Kenny Lussier
On Mon, Mar 31, 2008 at 1:03 PM, Paul Lussier [EMAIL PROTECTED] wrote: Kenny Lussier [EMAIL PROTECTED] writes: The control characters aren't the only reason that script doesn't work for us. Script will write out to a file, but the lines aren't time stamped, so it's impossible to know

Re: Session recording

2008-03-31 Thread Kenny Lussier
On Mon, Mar 31, 2008 at 12:52 PM, Paul Lussier [EMAIL PROTECTED] wrote: Bill McGonigle [EMAIL PROTECTED] writes: I see you've already found lastcomm and friends, but it would be great to know what you come up with for a correlation mechanism. Can't you log everything possible via

Re: Session recording

2008-03-31 Thread Dan Coutu
Kenny Lussier wrote: This is exactly the case. We have already limited what people can do on these systems using standard permissions, sudo, etc. What we need now is to log everything that is done so that when the systems are audited, we can provide the details of what has been done on the

Re: Session recording

2008-03-31 Thread Ben Scott
On Mon, Mar 31, 2008 at 3:09 PM, Kenny Lussier [EMAIL PROTECTED] wrote: As you pointed out, there are a lot of ways around these things, such as executing a script that executes a bunch of commands. Also in that vein: Programs like vim or emacs, which allow one to execute arbitrary commands

Re: Session recording

2008-03-31 Thread Ben Scott
On Mon, Mar 31, 2008 at 3:35 PM, Dan Coutu [EMAIL PROTECTED] wrote: Sounds to me like you need the kind of security auditing that is found in DoD administered machines. Also banks, insurance companies, and other financial institutions, hospitals and other health-care institutions,

Re: Session recording

2008-03-31 Thread Tom Buskey
On Mon, Mar 31, 2008 at 3:35 PM, Dan Coutu [EMAIL PROTECTED] wrote: Kenny Lussier wrote: This is exactly the case. We have already limited what people can do on these systems using standard permissions, sudo, etc. What we need now is to log everything that is done so that when the systems

Re: Session recording

2008-03-31 Thread Chris
On 3/31/08, Tom Buskey [EMAIL PROTECTED] wrote: On Mon, Mar 31, 2008 at 3:50 PM, Ben Scott [EMAIL PROTECTED] wrote: On Mon, Mar 31, 2008 at 3:35 PM, Dan Coutu [EMAIL PROTECTED] wrote: Sounds to me like you need the kind of security auditing that is found in DoD administered

Re: Session recording

2008-03-31 Thread VirginSnow
Date: Mon, 31 Mar 2008 13:16:57 -0400 From: Tom Buskey [EMAIL PROTECTED] Cc: Greater NH Linux User Group gnhlug-discuss@mail.gnhlug.org Bash has a -r mode for Restricted Shell as well. It's in the manpage at least. You might consider bash -r in conjunction with $HISTTIMEFORMAT and

Re: Session recording

2008-03-31 Thread Tom Buskey
On Mon, Mar 31, 2008 at 4:21 PM, Chris [EMAIL PROTECTED] wrote: What about Secure Solaris? I believe it logs everything by default, and there is no such thing as root. (Not sure how that works but) I think it was folded into Solaris 10. Solaris has RBAC which can be set up

Re: Session recording

2008-03-31 Thread VirginSnow
Date: Sat, 29 Mar 2008 13:13:43 -0400 From: Kenny Lussier [EMAIL PROTECTED] Using script isn't an option because it logs all of the control characters. Not sure why you object to control characters since they're legitimately part of most sessions. They are legitimate, but

Re: Session recording

2008-03-31 Thread VirginSnow
From: Paul Lussier [EMAIL PROTECTED] Date: Mon, 31 Mar 2008 12:03:21 -0500 Cc: Greater NH Linux User Group gnhlug-discuss@mail.gnhlug.org file would need to be writable by the user, which defeats the point of all the logging :-) Wow, the lack of creativity here is astounding! :)

Re: Session recording

2008-03-31 Thread Kenny Lussier
On Mon, Mar 31, 2008 at 5:36 PM, [EMAIL PROTECTED] wrote: From: Paul Lussier [EMAIL PROTECTED] Date: Mon, 31 Mar 2008 12:03:21 -0500 Cc: Greater NH Linux User Group gnhlug-discuss@mail.gnhlug.org file would need to be writable by the user, which defeats the point of all the

comcast does it again Port 25

2008-03-31 Thread Jeff Kinz
Hi all, Comcast just nailed my port 25 access. Can't telnet to port 25 anywhere that I've tried, but port 587 seems to be working lots of places. I am too much in love with direct control over my email to suffer being reduced to 5 email names and a pop connection for inbound mail, as well as

Re: Session recording

2008-03-31 Thread Ben Scott
On Mon, Mar 31, 2008 at 4:12 PM, Tom Buskey [EMAIL PROTECTED] wrote: These days, it's the Common Criteria standards, NISPOM and Chapter 8 specifically. NISPOM Chapter 8 is even less useful than the CC stuff. NISPOM doesn't even define terms in many cases. And it never covers implementations

Re: Session recording

2008-03-31 Thread John Abreau
On Mon, March 31, 2008 5:36 pm, [EMAIL PROTECTED] said: ... export PS1='[ `date` ]' ... Note: That will probably not do what you intended... Each time a prompt is issued, the same exact prompt will be issued, namely [ Mon Mar 31 17:32:54 UTC 2008]. date will not be rerun before each

Re: comcast does it again Port 25

2008-03-31 Thread Bill McGonigle
Jeff Kinz wrote: So I am looking for recommendation for SMTP mail relay services. There are some guys in Manchester who do this, and donate services to GNHLUG. :) http://www.dyndns.com/services/mailhop/relay.html http://www.dyndns.com/services/mailhop/outbound.html See if any of the

Re: comcast does it again Port 25

2008-03-31 Thread Jeff Kinz
On Mon, Mar 31, 2008 at 6:32 PM, Bill McGonigle [EMAIL PROTECTED] wrote: Jeff Kinz wrote: So I am looking for recommendation for SMTP mail relay services. There are some guys in Manchester who do this, and donate services to GNHLUG. :)

Re: comcast does it again Port 25

2008-03-31 Thread Chip Marshall
On March 31, 2008, Jeff Kinz sent me the following: I would have already gone with them except I can't figure out if I will be able to configure sendmail correctly to work with their system. (I'm surmising they require SMTP-AUTH which I know nothing about despite having used sendmail for

Re: Session recording

2008-03-31 Thread VirginSnow
Date: Mon, 31 Mar 2008 17:59:11 -0400 (EDT) From: John Abreau [EMAIL PROTECTED] Cc: gnhlug-discuss@mail.gnhlug.org ... export PS1='[ `date` ]' ... Note: That will probably not do what you intended... Each time a prompt is issued, the same exact prompt will be issued, namely [

Re: comcast does it again Port 25

2008-03-31 Thread Jeff Kinz
On Mon, Mar 31, 2008 at 7:30 PM, Chip Marshall [EMAIL PROTECTED] wrote: On March 31, 2008, Jeff Kinz sent me the following: I would have already gone with them except I can't figure out if I will be able to configure sendmail correctly to work with their system. (I'm surmising they

Re: comcast does it again Port 25

2008-03-31 Thread Jeff Kinz
Ben, This is very useful info and is deeply appreciated. (You can have my porcupine if you want it... :-) ) Thank you. Jeff. On Mon, Mar 31, 2008 at 9:59 PM, Ben Scott [EMAIL PROTECTED] wrote: On Mon, Mar 31, 2008 at 9:33 PM, Bill McGonigle [EMAIL PROTECTED] wrote: I think that's right,

Re: comcast does it again Port 25

2008-03-31 Thread Gerry Hull
Hey Jeff, Why not use gmail's servers? AUTH-SMTP works fine, and it's free. When I used to be on Verizon Business DSL w/dynamic ip, I would use gmail as my relay on my CentOS Asterisk box. Gerry (In Greenfield, on Verizon Biz DSL, never any port blocking) On 3/31/08, Jeff Kinz [EMAIL