[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: snoop capabilities?



In message <199702252258.OAA05558@parc.power.net>"Andrew G. Morgan" mumbled
[...]
>I agree with Ted in that this sort of thing is not addressed by the PAM
>spec., however, everything I said before _is_ true and I am sure it is 
what
>Jeremy is after... ;^)

Yup, I do believe this will let me 'snoop' or 'log' people's in/out...

>Here is a simple example: try running pam_filter with upperLOWER on 'su'.
>
>Insert this as the _last_ authentication line in your pam.conf file on a
>stock Red Hat system (after the pam_unix_auth or pam_pwdb etc.. "auth"
>line).
>
>su      auth       required     /lib/security/pam_filter.so \
>                                        run1 /usr/sbin/pam_filter/upperLOWER

Small note for people looking over our shoulders.. the pam-0.56-1 rpm puts 
the pam_filters in /sbin/pam_filter

[...]
>To be strict about it (and to agree with Ted's sentiment), PAM does not
>address this sort of thing.  This is basically code that pushes the PAM
>envelope.
>
>All of the terminal stuff in pam_filter is probably not very portable, 
and I
>fully realize this was not what PAM was ever intended to do, this is 
mostly
>why I never wrote any more filters... However, as you will see by this
>example, it actually works and besides, it just seemed like a neat trick 
at
>the time!!

Well, it will enable me to achieve what I need, so I'm going to write a 
program that utilizes it.  Hopefully the functionality will stay around in 
PAM.  I just want to be able to 'watch' some of the more problematic users 
on my system, since I've found people trying to hack that ever illusive 
root before.  So, I'll write up some sort of small program, and release it 
through here, and a web page that will for sure have a few comments of the 
ethics of this (this is for security, not for being really damn nosey).  
And about portability, well, I need it on linux, and I've seen similar 
things for other OS (sunos/sparc has a loadable module to do this) so I'll 
not worry about that for now.

-jeremy
-------------------------------------------------------------------------
      Jeremy Heffner             |  Televiso.com System Administration   
  Finger for PGP public-key      |  My thoughts, my brains, noone else's
-------------------------------------------------------------------------




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []