Re: root shell auditing



TJ Easter wrote:
Mars,
Not sure if it's an exact fit, but I put together a small patch
against bash 3.x a while back for someone that logs all commands to
syslog. It hooks the commands as they're being logged into bash's
history buffer, so a (remote) syslog can capture commands in real
time.

I don't recall what all it logged. I believe UID, $PWD, and
command. Timestamp came from syslog.

Let me know if you're interested, I'll dig around for the .diff
and send it to you.
Awesome, so I should just spawn zsh or tcsh ... to work around this? ;-)

-h

--
Hari Sekhon



Relevant Pages