[Bug 491430] Review Request: sslogger - A keystroke logging utility for privileged user escalation
bugzilla at redhat.com
Wed May 27 08:17:43 UTC 2009
https://bugzilla.redhat.com/show_bug.cgi?id=491430
Gratien D'haese <gratien.dhaese at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flag| |needinfo?
--- Comment #20 from Gratien D'haese <gratien.dhaese at gmail.com> 2009-05-27 04:17:39 EDT ---
* fully agree with the comments in #17 - thanks for the in-depth analysis
Mamoru
==> the legal issue must be fixed
* man page sslogger contains an error:
FILES
/etc/sloger.conf << /etc/sslogger.conf
Configuration file
* Concerning "replay" - I agree it would be better to rename it to e.g.
slreplay
$ replay /var/log/sl/2009/05/sl-fed-gdha-root-2009.05.27-09:24:31.log
Sending output to: /dev/pts/4
/var/log/sl/2009/05/sl-fed-gdha-root-2009.05.27-09:24:31.log: Permission denied
End replay
==> replay can only be used by people who are part of group sloggers. Why can a plain
user not replay his own logs?
==> replay man page missing
==> some useful functions are still missing in replay such as find. I would
rather see "/" as find symbol, rather than "f" (try to follow vi syntax)
* It is rather confusing to see sometimes slogger and then sslogger and then sl
e.g. in config.h: #define SLOGGER sslogger
* The "-h" option is not respected:
$ sl -h
[sudo] password for gdha:
$ sslogger -h
Sloggerd started, file is
/var/log/sl/2009/05/sl-fed-gdha-gdha-2009.05.27-10:04:37.log
Reason for invoking thus interactive shell for gdha:
* Found lots of spelling errors in source files and in the man page
* why not combine the -u option into sslogger itself? Why use sl for that
purpose?
* The sl.log file does not contain enough information about where the log file itself is
stored:
# cat /var/log/sl/sl.log
2009-05-27 09:24:39 sslogger[30880]; user:gdha; as:root;
invoked_shell:"/bin/bash"; logfile:sl-fed-gdha-root-2009.05.27-09:24:31.log;
reason:test sslogger
Actual location is:
/var/log/sl/2009/05/sl-fed-gdha-root-2009.05.27-09:24:31.log
To use replay (or cat) it would be better to log the full path of the log file.
* why do I read in the log file Sloggerd started - it should read sslogger
started
# ps ax|grep ssl
31720 pts/2 S+ 0:00 sslogger
31721 pts/2 S+ 0:00 sslogger
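
Added example (not part of the comment above and not sslogger code): until sl.log records the full path, an auditor can parse an entry and rebuild the session log location before handing it to replay. The field layout and the /var/log/sl/YYYY/MM/ directory scheme are assumptions inferred from the single entry and path quoted in the comment; the function names are hypothetical.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: the sl.log entry quoted in the comment, re-joined onto one line.
SAMPLE = ('2009-05-27 09:24:39 sslogger[30880]; user:gdha; as:root; '
          'invoked_shell:"/bin/bash"; '
          'logfile:sl-fed-gdha-root-2009.05.27-09:24:31.log; '
          'reason:test sslogger')

LOG_ROOT = PurePosixPath("/var/log/sl")  # location shown in the comment
# Assumed name shape: sl-<host>-<user>-<target>-YYYY.MM.DD-hh:mm:ss.log
NAME_RE = re.compile(r"sl-[^/]+-(\d{4})\.(\d{2})\.\d{2}-\d{2}:\d{2}:\d{2}\.log")


def parse_entry(line):
    """Split one sl.log entry into a dict of its key:value fields."""
    # "reason" is free text typed by the user and comes last, so cut it off
    # first; a ';' inside the reason must not be read as a field separator.
    body, _, reason = line.partition("; reason:")
    header, *fields = (part.strip() for part in body.split(";"))
    entry = {"header": header, "reason": reason.strip()}
    for field in fields:
        key, sep, value = field.partition(":")
        if sep:
            entry[key.strip()] = value.strip().strip('"')
    return entry


def session_log_path(entry):
    """Return the full path of the session log named in a parsed entry."""
    name = entry.get("logfile", "")
    match = NAME_RE.fullmatch(name)
    if match is None:  # also rejects names containing '/' such as ../../x
        raise ValueError(f"unexpected logfile name: {name!r}")
    year, month = match.groups()
    return LOG_ROOT / year / month / name


if __name__ == "__main__":
    print(session_log_path(parse_entry(SAMPLE)))
```
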