TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TCLUG:17672] Security question



On Mon, 15 May 2000, Benjamin Exley wrote:

> We have a user here that has been acting a bit suspiciously of 
> late, and we would like to get a record of one of his shell sessions. 

Why not just keep an eye on the user's activity on the system via normal
logging and then just /bin/false their account when you feel that
something is odd.

Then have them come by and ask them whats going on.

It's generally eaiser to get the story, than watch someone over their
sholder i think.  If they continue to mess around and do strange stuff.
Figure out if you really want them on your systems.

Good luck!

-- 
Scott Dier <dieman@ringworld.org> #nicnac@efnet 
http://www.ringworld.org/  finger:dieman@destiny.ringworld.org

Wait. Watch. Wonder.
	-J

http://sluggy.com/d/971226.html