From: Ken Williams <jkwilli2@unity.ncsu.edu>
Date: Thu, 5 Mar 1998 10:11:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <Pine.SOL.3.96.980305125302.21425A-100000@c00069-100lez.eos.ncsu.edu>
MIME-Version: 1.0
Content-Type: text/plain



Hello,

I have more of a general privacy rather than a crypto question.  I am
trying to set up "tripwires" in the various computer accounts that i have
so i will know if a superuser or sysadmin has accessed them.  (it should
be taken for granted at this point that all sensitive or personal data is 
encrypted and/or stored on floppies)  i of course am only concerned with
doing so for accounts that i don't already have su access with.  i have
accounts on various flavors of UNIX, but i am most interested in
tripwires/scripts for Solaris 2.4-6.  so far, the best i have been able to
come up with is a couple of very ineffective tripwires.

1.  a few lines in .Xlogout that write the host/date stamp to a file that
    is hidden a few directories deep.

    - this of course only works if someone logs in to my account using
    my own login/passwd, and it doesn't work over dialup at all.

2.  i have a .environment file that will write all of the relevant user
    info to a file if that user adds my directory with the "add" command

    - this will catch all superuser accesses *if and only if* they add
    my directory.  they could simply cd into my directory to bypass it.

anyone have any ideas for tripwires or any other methods i can use, having
only regular user access, to monitor ANY accesses made to my account,
especially by superusers/sysadmins?


thanks for your consideration of this question,

ken