Thanks to a lot of people including: Neill, Mark Julian, John Thomas, Knox Daniel, Tate and others. ........Original Question at the bottom...................... ...Julian:... he can move his .profile because he has write permission in his home dir. Moving, deleting files only require write perms on the dir. .../Julian... Consensus was: ...Daniel... Enable logging. 1 - touch /var/adm/pact as root 2 - /etc/init.d/acct start the command to use is 'lastcomm' .../Daniel... ...Thomas... In sshd_config: ssh2 and OpenSSH: SyslogFacility AUTH LogLevel DEBUG ssh1: FacistLogging YES restart ssh: "sshd -e 2>/my/log/file". That will send all logging to /my/log/file and not to the syslog. Careful, these logs can get BIG. I'd suggest using logrotate to manage them. .../Thomas... [Above Quoted directly more or less] Basically the consensus was that I enable the Solaris built in accounting features -- 'man acct' which would probably solve my prolem but is more trouble than its worth. SSH accounting features seem to be the next best thing, but those don't discriminate between users, so the log file would grow to be very big very fast :p. Another thing I could do is recompile 'script', which I think is the best answer. If I had gcc installed on here, I would recompile it so that it is quiet, hence user has no idea he is being logged unless he does 'ps -ef' or 'lsof' or 'cat .profile' -- I doubt he will think that if he doesn't suspect anything. Since this is a small intranet DB server for our office, the SSH answer is right now the easiest and best solution, but for anyone else with lots of users, recompiling 'script' would be the best way to log someone -- 'Script' will only fool a newbie, but won't fool just about anyone else that runs 'ps' or customizes his .profile, this is where SSH and the Solaris acct features come into play and will work better. www.nul.cjb.net www.FreeBSD.org _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.comReceived on Thu May 17 21:59:23 2001
This archive was generated by hypermail 2.1.8 : Wed Mar 23 2016 - 16:24:55 EDT