From: Ken Williams <jkwilli2@unity.ncsu.edu>
To: cypherpunks@toad.com
Message Hash: 671d21fd56c763a2b692fb194018e5295582d629c1404ddf342bc39da5026a40
Message ID: <Pine.SOL.3.96.980305125302.21425A-100000@c00069-100lez.eos.ncsu.edu>
Reply To: N/A
UTC Datetime: 1998-03-05 18:11:33 UTC
Raw Date: Thu, 5 Mar 1998 10:11:33 -0800 (PST)
From: Ken Williams <jkwilli2@unity.ncsu.edu>
Date: Thu, 5 Mar 1998 10:11:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <Pine.SOL.3.96.980305125302.21425A-100000@c00069-100lez.eos.ncsu.edu>
MIME-Version: 1.0
Content-Type: text/plain

Hello,

I have more of a general privacy rather than a crypto question. I am
trying to set up "tripwires" in the various computer accounts that i have
so i will know if a superuser or sysadmin has accessed them. (it should
be taken for granted at this point that all sensitive or personal data is
encrypted and/or stored on floppies) i of course am only concerned with
doing so for accounts that i don't already have su access with. i have
accounts on various flavors of UNIX, but i am most interested in
tripwires/scripts for Solaris 2.4-6. so far, the best i have been able to
come up with is a couple of very ineffective tripwires.

1. a few lines in .Xlogout that write the host/date stamp to a file that
   is hidden a few directories deep.
   - this of course only works if someone logs in to my account using
     my own login/passwd, and it doesn't work over dialup at all.

2. i have a .environment file that will write all of the relevant user
   info to a file if that user adds my directory with the "add" command
   - this will catch all superuser accesses *if and only if* they add
     my directory. they could simply cd into my directory to bypass it.

anyone have any ideas for tripwires or any other methods i can use, having
only regular user access, to monitor ANY accesses made to my account,
especially by superusers/sysadmins?

thanks for your consideration of this question,

ken
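
A sketch of the first tripwire described in the message above (a logout hook that appends a host/date stamp to a file a few directories deep), together with a review step that lists stamps from hosts the account owner did not use. This is an added example, not code from the original post; the function names, the STAMP_FILE path and the tab-separated stamp format are assumptions.

```shell
#!/bin/sh
# Added example; names, path and record format are assumptions.
# Stamp file hidden a few directories deep, as the message describes.
STAMP_FILE="${STAMP_FILE:-$HOME/.cache/.x/.y/.stamps}"

# Append one "UTC-timestamp<TAB>host" record. Meant to be called from the
# session logout hook (.Xlogout in the message). As the message notes, it
# only fires for sessions that actually run that hook.
tripwire_stamp() {
    dir=$(dirname "$STAMP_FILE")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    printf '%s\t%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(uname -n)" \
        >> "$STAMP_FILE" || return 1
    chmod 600 "$STAMP_FILE"
}

# Print every stamp whose host is not in the space-separated list of hosts
# the owner knows they used ($1). No output means nothing unexpected.
tripwire_unexpected() {
    expected=" $1 "
    [ -f "$STAMP_FILE" ] || return 0
    while IFS="$(printf '\t')" read -r ts host; do
        case "$expected" in
            *" $host "*) ;;                      # session on a host the owner used
            *) printf '%s %s\n' "$ts" "$host" ;; # session the owner cannot account for
        esac
    done < "$STAMP_FILE"
}
```

The stamp file is writable by the account and by root, so a missing or truncated file is itself worth treating as a finding.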