[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Modifying SSH to Capture Login Credentials from Attackers
- To: bodik@xxxxxxxxxx
- Subject: Re: [Full-disclosure] Modifying SSH to Capture Login Credentials from Attackers
- From: maxigas <maxigas@xxxxxxxxxxxx>
- Date: Wed, 30 Sep 2009 01:32:52 +0100 (BST)
From: "bodik@xxxxxxxxxx" <bodik@xxxxxxxxxx>
Subject: Re: [Full-disclosure] Modifying SSH to Capture Login Credentials from
Attackers
Date: Wed, 30 Sep 2009 00:03:51 +0200
>> All standard users have read access to /var/log/auth, so if root
>
> they shouldn't, at least on my default debian they don't ...
On my default Ubuntu, users in "adm" group have reac access to the
authentication log file:
me@machine: ls -l /var/log/auth.log
-rw-r----- 1 syslog adm 46774 2009-09-30 01:10 /var/log/auth.log
--
×× maxigas
// villanypásztor / kiberpunk / web shepherd //
-= Important communication disclaimer: by replying to my emails you are
disclaiming all your disclaimers. =-
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/