You're not absolutely right. There are ways to log _everything_. I've been using grsecurity for a while now, and there are logging capabilities for everything: chroots, chdirs, execve calls, (un)mounts, and so on.
BTW, patching the shell is not a good idea: a user can run a command from (for example) mc, or any other program, and in these cases execve() is not called by the shell. The user can also change their shell. I suggest applying a grsecurity patch for the kernel. It's a very good way to trace user activities, but it will produce a minimum of 3-5MB of syslog every day (uncompressed).

Bye,
Gergely Czuczy
mailto: [EMAIL PROTECTED]
PGP pubkey: http://phoemix.harmless.hu/phoemix.pgp
iRCNet: #demoscene
ICQ: 8067175

The point is, that geeks are not necessarily the outcasts society often believes they are. The fact is that society isn't cool enough to be included in our activities.
