Re: root shell auditing
TJ Easter wrote:
Mars,
Not sure if it's an exact fit, but I put together a small patch
against bash 3.x a while back for someone that logs all commands to
syslog. It hooks the commands as they're being logged into bash's
history buffer, so a (remote) syslog can capture commands in real
time.
I don't recall what all it logged. I believe UID, $PWD, and
command. Timestamp came from syslog.
Let me know if you're interested, I'll dig around for the .diff
and send it to you.
Awesome, so I should just spawn zsh or tcsh ... to work around this? ;-)
-h
--
Hari Sekhon
Relevant Pages
- Re: monitoring shell commands (recording username/cmd/time)
... > I'm wondering if there is a version of bash or tcsh that logs all commands ... I've used it myself some time ago on a shell server and it works ...
(freebsd-isp) - Re: How to eliminate the igd17223i message from the syslog under sdsf.
... Kentucky Farm Bureau Insurance - Louisville ... How to eliminate the igd17223i message from the syslog ... you an edit session showing all syslog content since the last syslog ... All ISPF edit commands are available then. ...
(bit.listserv.ibm-main) - RE: root shell auditing
... Subject: root shell auditing ... It hooks the commands as they're being logged into bash's ... so a syslog can capture commands in real ... Timestamp came from syslog. ...
(Focus-Linux) - RE: root shell auditing
... On Behalf Of TJ Easter ... It hooks the commands as they're being logged into bash's ... so a syslog can capture commands in real ... Currently in our environment administrators get root shell access ...
(Focus-Linux) - Re: monitoring shell commands (recording username/cmd/time)
... > I'm wondering if there is a version of bash or tcsh that logs all commands ... Yeah, there is a BOFH patch for bash, you can get from here: ...
(freebsd-isp) |
|
