Re: commandlogging
from the secret journal of Izak Burger (gpf@linuxuser.co.za):
> I think you're thinking about BSD process accounting. It provides a way
> to tell the kernel to write process information to a file. I have never
> worked with it before, but now you have a bit more to go on :)
almost. since bsd process accounting only comes into effect when a process
exits, a trojan could exec("/bin/ls") and escape being logged. (IIRC)
--
Jacob Kuntz
jake@capecodvacation.com
http://underworld.net/~jake
Reply to: