Re: [Sudoscript-devel] new script(1) on Solaris 8
Brought to you by:
hbo
From: Matthew C V. <mva...@ba...> - 2002-10-25 16:08:31
|
I realize there's tons of ways to do evade it. My developers claim that they "must have root access on the box" or they can't do development. I'm not in a position to say no, so I'm trying to do as much as I can to watch them. I sympathize with the paper you wrote, in that sometimes giving them root access is inevitable. I figure I'll log it as close I can until something goes wrong, and at least I can take that log to them and show it to the developers, and hopefully then be able to take away root. I don't care much about the announcement that it's being logged. I want them to know that. I don't however want them tobe able to say when they screw something up that, "that Script started... thing is what caused me to do rm -rf on /." Don't ask how it relates to anything, but trust me, that excuse will be used when something goes wrong. Does anybody know of where I can get the new non-BSD'd (if it even exists) script command? On RH7.3 and up, the script command has the -q option. I tried looking for the source but looking for a binary called script is quite tedious. Again, thanks in advance, ~Matt Valites Unix Admin. Banta-IM Howard Owen wrote: > I haven't even tried to get the BSD derived Linux source for > script(1) to compile on Solaris. > > I note that you announce that the shell is logged, so I > assume your concern is that the script(1) announcement tells > the user exactly where to go to evade the auditing. This > is annoying, but consider that 'xterm' is another easy way > to evade the audit trail, among many, many others available > to a root enabled user. > > > --On Friday, October 25, 2002 11:28:02 AM -0400 Matthew C Valites > <mva...@ba...> wrote: > >> I have sudoscript set up so that it runs upon login for root. This is >> the output after connecting through ssh: >> >> root@coltrane: ssh lopes >> Last login: Fri Oct 25 09:37:32 2002 from john-coltrane.n >> Sun Microsystems Inc. SunOS 5.8 Generic Patch October 2001 >> You have mail. >> Starting tcsh... >> All actions are logged... >> Script started, file is /var/run/sudoscript/ssd.root23324.fifo >> root@lopes: >> >> >> Unfortunatley, since Solaris 8 has an older version of script, I can't >> edit sudoscriptd so that it starts script with the -q option of "Be >> quiet." I used debian to get the source code for script, but it's quite >> heavily BSD'd and won't compile on Solaris. I would like that "Script >> started..." to not appear. Does anybody have any suggestions on where I >> can get a newer script(1) or any other ideas? Thanks in advance, >> ~Matt Valites >> Unix Admin >> Banta-IM >> >> >> >> ------------------------------------------------------- >> This sf.net email is sponsored by: Influence the future of Java(TM) >> technology. Join the Java Community Process(SM) (JCP(SM)) program now. >> http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en >> _______________________________________________ >> Sudoscript-devel mailing list >> Sud...@li... >> https://lists.sourceforge.net/lists/listinfo/sudoscript-devel >> > > > > Howard Owen "Even if you are on the right > EGBOK Consultants track, you'll get run over if you > hb...@eg... +1-650-339-5733 just sit there." - Will Rogers > > > ------------------------------------------------------- > This sf.net email is sponsored by: Influence the future of Java(TM) > technology. Join the Java Community Process(SM) (JCP(SM)) program now. > http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en > _______________________________________________ > Sudoscript-devel mailing list > Sud...@li... > https://lists.sourceforge.net/lists/listinfo/sudoscript-devel > > |