
Re: Logging of ftp and telnet



David Serrano said:
>          So I, as a user, run 'echo ^D' and get the admin not to
>      record what I do :^). Is it that simple? heh.

I use Snoopy, http://sourceforge.net/project/?group_id=2091

  Snoopy is designed to aid the tasks of a sysadmin by providing a log of
  commands executed. Snoopy is completely transparent to the user and
  applications: it hooks in as a library providing a wrapper around calls
  to execve(). Logging is done via syslogd and written to authpriv,
  allowing secure offsite logging of activity; generally authpriv is
  stored as /var/log/auth.log.


Example of the output:

~-root@onix>tail -f /var/log/auth.log
nov  8 11:46:14 onix snoopy[8399]: [amaya, uid:1000 sid:7614]: vi ChangeLog 
nov  8 11:47:17 onix snoopy[8400]: [amaya, uid:1000 sid:7614]: su - 
Nov  8 11:47:19 onix su[8400]: + pts/1 amaya-root 
nov  8 11:47:19 onix PAM_unix[8400]: (su) session opened for user root by amaya(uid=1000)
nov  8 11:47:19 onix snoopy[8400]: [amaya, uid:0 sid:7614]: -su 
Nov  8 11:47:19 onix snoopy[8401]: [amaya, uid:0 sid:7614]: fortune -a 
Nov  8 11:47:20 onix snoopy[8402]: [amaya, uid:0 sid:7614]: tty -s 
Nov  8 11:47:20 onix snoopy[8403]: [amaya, uid:0 sid:7614]: stty cs8 -istrip -parenb 
Nov  8 11:47:20 onix snoopy[8405]: [amaya, uid:0 sid:7614]: /usr/bin/dircolors 
Nov  8 11:47:27 onix snoopy[8407]: [amaya, uid:0 sid:7614]: tail -f /var/log/auth.log 
nov  8 11:47:42 onix snoopy[8409]: [(null), uid:1000 sid:8409]: gnome-terminal --use-factory --start-factory-server 
nov  8 11:47:43 onix snoopy[8413]: [amaya, uid:1000 sid:8412]: fortune -a 
nov  8 11:47:43 onix snoopy[8414]: [amaya, uid:1000 sid:8412]: tty -s 
nov  8 11:47:43 onix snoopy[8415]: [amaya, uid:1000 sid:8412]: stty cs8 -istrip -parenb 
nov  8 11:47:43 onix snoopy[8417]: [amaya, uid:1000 sid:8412]: /usr/bin/dircolors 
nov  8 11:47:49 onix snoopy[8418]: [amaya, uid:1000 sid:8412]: ls -F -p -N --color=auto 

Combined with logcolorize, it is easy to spot suspicious activity.
It works great, though the logs grow in size quite nicely :-)

-- 
Open your mind, and your ass will follow    - Michael Balzary, aka Flea, RHCP

 Amaya Rodrigo Sastre       www.andago.com  Sta Engracia, 54  28010 Madrid
 BOFH-dev && CVS Evangelist                 Tfn: 912041124    Fax: 912041111
 Listening to: %s
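Added example, not code from the message above nor from Snoopy itself: a small detection pass in Python over auth.log records in the format Snoopy writes. The sample input embedded below is a subset of the lines quoted in the message; the watchlist of regexes and the rule names are assumptions about what an admin would want flagged, not anything Snoopy or logcolorize ships. It demonstrates the point the message is making: because Snoopy hooks execve() rather than relying on the shell's history file, the `su -` and the commands run as root afterwards are all on record, and the session id (`sid`) survives `su`, so a uid change inside one session is directly visible.

```python
"""Detection pass over Snoopy execve log records (added example).

Parses lines of the form
    Mon  D HH:MM:SS host snoopy[pid]: [user, uid:N sid:N]: command
and reports three things an admin reading auth.log by eye would look for:
  * a uid change inside one login session (e.g. su to root),
  * commands matching a watchlist of sensitive paths,
  * records whose login name Snoopy could not resolve ("(null)").
"""
import re

# Sample input: a subset of the auth.log excerpt quoted in the message.
# The lowercase "nov" comes from a Spanish locale, mixed with "Nov", so the
# parser must not assume capitalised month names. Non-snoopy lines (su, PAM)
# are present to show that they are skipped.
SAMPLE_LOG = """\
nov  8 11:46:14 onix snoopy[8399]: [amaya, uid:1000 sid:7614]: vi ChangeLog
nov  8 11:47:17 onix snoopy[8400]: [amaya, uid:1000 sid:7614]: su -
Nov  8 11:47:19 onix su[8400]: + pts/1 amaya-root
nov  8 11:47:19 onix PAM_unix[8400]: (su) session opened for user root by amaya(uid=1000)
nov  8 11:47:19 onix snoopy[8400]: [amaya, uid:0 sid:7614]: -su
Nov  8 11:47:19 onix snoopy[8401]: [amaya, uid:0 sid:7614]: fortune -a
Nov  8 11:47:27 onix snoopy[8407]: [amaya, uid:0 sid:7614]: tail -f /var/log/auth.log
nov  8 11:47:42 onix snoopy[8409]: [(null), uid:1000 sid:8409]: gnome-terminal --use-factory --start-factory-server
nov  8 11:47:49 onix snoopy[8418]: [amaya, uid:1000 sid:8412]: ls -F -p -N --color=auto
"""

SNOOPY_RE = re.compile(
    r"^(?P<ts>[A-Za-z]{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"snoopy\[(?P<pid>\d+)\]: \[(?P<user>[^,\]]+), uid:(?P<uid>\d+) "
    r"sid:(?P<sid>\d+)\]: (?P<cmd>.*)$"
)

# Hypothetical watchlist (assumption, not part of Snoopy): commands an admin
# might want highlighted regardless of who ran them.
WATCHLIST = {
    "auth-log-access": re.compile(r"/var/log/(auth\.log|secure)\b"),
    "account-file-edit": re.compile(r"/etc/(passwd|shadow|sudoers|group)\b"),
    "history-tamper": re.compile(r"\bhistory\s+-c\b|\bHISTFILE\b|\.bash_history\b"),
}


def parse_snoopy(text):
    """Return one dict per snoopy record; other syslog lines are skipped."""
    records = []
    for line in text.splitlines():
        m = SNOOPY_RE.match(line.rstrip())
        if not m:
            continue  # su/PAM lines etc. are not execve records
        rec = m.groupdict()
        for key in ("pid", "uid", "sid"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def find_uid_changes(records):
    """Flag the first record in a session whose uid differs from the previous one.

    The sid is the login session id and survives su, so the record right
    before the change (here "su -") is the command that caused it.
    """
    findings = []
    last = {}  # sid -> last record seen in that session
    for rec in records:
        prev = last.get(rec["sid"])
        if prev is not None and prev["uid"] != rec["uid"]:
            findings.append({
                "ts": rec["ts"], "sid": rec["sid"], "user": rec["user"],
                "from_uid": prev["uid"], "to_uid": rec["uid"], "via": prev["cmd"],
            })
        last[rec["sid"]] = rec
    return findings


def find_watchlist_hits(records, watchlist=WATCHLIST):
    """Return records whose command matches any watchlist rule."""
    hits = []
    for rec in records:
        for name, pat in watchlist.items():
            if pat.search(rec["cmd"]):
                hits.append({"ts": rec["ts"], "rule": name, "uid": rec["uid"],
                             "sid": rec["sid"], "cmd": rec["cmd"]})
    return hits


def find_unresolved_users(records):
    """Records logged with "(null)": Snoopy found no login name, only a uid."""
    return [rec for rec in records if rec["user"] == "(null)"]


if __name__ == "__main__":
    recs = parse_snoopy(SAMPLE_LOG)
    print(f"{len(recs)} execve records")
    for f in find_uid_changes(recs):
        print(f"uid change {f['from_uid']}->{f['to_uid']} in sid {f['sid']} via '{f['via']}' at {f['ts']}")
    for h in find_watchlist_hits(recs):
        print(f"watchlist {h['rule']}: uid {h['uid']} ran '{h['cmd']}' at {h['ts']}")
    for r in find_unresolved_users(recs):
        print(f"unresolved login name, uid {r['uid']} ran '{r['cmd']}'")
```

On the sample this reports one uid change (1000 to 0 in sid 7614 via `su -`), one watchlist hit (root reading `/var/log/auth.log`) and one record with an unresolved login name. One caveat worth keeping in mind: Snoopy logs through a preloaded library wrapping execve(), so a statically linked binary, or a process started with LD_PRELOAD cleared, goes through no wrapper and produces no record; a detector like this can only report what reached syslog.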
