[j-nsp] Logging for shell sessions
Jared Mauch
jared at puck.nether.net
Sun Jul 7 12:34:30 EDT 2024
I don't trust my vendors to run commands on my devices, it's not
personal. If there is a diagnostic that they want run, they need to be
able to articulate the operational risk, or we may want to validate in a
virtual or real physical router.
- Jared
On Sun, Jul 07, 2024 at 11:07:48AM +0300, Saku Ytti via juniper-nsp wrote:
> For things like TAC use, what I've previously done is made a vendor
> shell, where the shell program is screen instead of shell, and screen
> is set up to log.
>
>
> On Sat, 6 Jul 2024 at 16:50, Job Snijders <job at sobornost.net> wrote:
> >
> > Perhaps it’s just about wanting to keep track “what happened?!?”
> >
> > For such a scenario, consider conserver
> > https://www.conserver.com/docs/console.man.html and script
> > http://man.openbsd.org/script to store the terminal interactions
> >
> > Assume untrusted users probably can escape these such environments
> >
> > Kind regards,
> >
> > Job
>
>
>
> --
> ++ytti
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
--
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
More information about the juniper-nsp
mailing list