Re: log all activity of a special user?
_at_zen.co.uk
Date: 05/04/04
- In reply to: Florian Wolters: "log all activity of a special user?"
Date: Tue, 04 May 2004 18:03:41 +0100
Florian Wolters wrote:
> hi!
>
> is there any possibility to log all activity on the console of a special
> user?
> i just want to see everything the user does on the console...
> tnx for any hints
>
>
> flo
I don't know how feasible this is but would it be possible to cause the
system concerned to run '/usr/bin/script' in some way when the user
logs on, pointing it to a log file in a secure location. That way, even
if they 'su -' it will capture the input and output of the console
(including stderr I believe) and save it to a specified file.
An example is below although I'm not sure how you would specifically set
it up and the size of the captured file is
a quick check with the command:-
[xeon@baseline documents]$ script --help
script: invalid option -- -
usage: script [-a] [-f] [-q] [-t] [file]
[xeon@baseline documents]$ whereis script
script: /usr/bin/script /usr/share/man/man1/script.1.gz
[xeon@baseline documents]$ script dum
Script started, file is dum
[xeon@baseline documents]$ su -
Password:
[root@baseline root]# ls
amsn_received install.log sound
anaconda-ks.cfg install.log.syslog test.sh
Desktop lfs5-chroot XConf.old
fglrx-glc22-4.3.0-3.7.0.i386.rpm lfs-chroot.sh XF86Config
findwin.e NVIDIA-Linux-x86-1.0-4363
IBMFLASH NVIDIA-Linux-x86-1.0-4363.run
[root@baseline root]# top
17:53:15 up 2 days, 10:52, 5 users, load average: 0.12, 0.15, 0.12
77 processes: 75 sleeping, 1 running, 1 zombie, 0 stopped
CPU0 states: 15.0% user 5.0% system 0.0% nice 0.0% iowait 78.0% idle
CPU1 states: 0.0% user 5.0% system 0.0% nice 0.0% iowait 94.0% idle
Mem: 512792k av, 506264k used, 6528k free, 0k shrd, 43748k buff
375800k actv, 28k in_d, 10604k in_c
Swap: 1052248k av, 338020k used, 714228k free 165948k cached
<<output of top snipped>>
[root@baseline root]# exit
logout
[xeon@baseline documents]$ ls
dum from Anton morn.at music uplink_XMMS.zip uplink.zip
[xeon@baseline documents]$ exit
Script done on Tue 04 May 2004 17:53:21 BST
[xeon@baseline documents]$ cat dum
<<output of script file snipped to avoid unnecessary duplication>>
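One way to wire up what the reply describes, as an added example that is not part of the original message: a fragment meant to be sourced at login (for instance from /etc/profile.d/, an assumed location) that re-executes the audited user's interactive shell under script. The user name `watched`, the log directory and all function and variable names are assumptions; only the -a, -f and -q options come from the usage line shown above.

```shell
# Added example: login-time session recording with script(1).
# AUDIT_USER and AUDIT_DIR are assumed values, not taken from the post.
AUDIT_USER="${AUDIT_USER:-watched}"
AUDIT_DIR="${AUDIT_DIR:-/var/log/session-audit}"

# Succeeds only for an interactive shell of the audited user that is not
# already running inside script (the guard value prevents recursion).
should_record() {
    # $1 = user name, $2 = shell flags ($-), $3 = current guard value
    [ "$1" = "$AUDIT_USER" ] || return 1
    case "$2" in *i*) ;; *) return 1 ;; esac
    [ -z "$3" ] || return 1
    return 0
}

# One file per session: user, UTC timestamp and PID keep names unique.
session_log_path() {
    # $1 = user, $2 = timestamp, $3 = pid
    printf '%s/%s.%s.%s.log\n' "$AUDIT_DIR" "$1" "$2" "$3"
}

start_recording() {
    rec_user=$(id -un 2>/dev/null) || return 0
    should_record "$rec_user" "$-" "${SESSION_RECORDED:-}" || return 0
    rec_log=$(session_log_path "$rec_user" "$(date -u +%Y%m%dT%H%M%SZ)" "$$")
    export SESSION_RECORDED=1
    # -q: no start/done banner, -f: flush after each write, -a: append.
    # exec replaces the login shell, so leaving script ends the session.
    exec /usr/bin/script -q -f -a "$rec_log"
}

# Does nothing for other users or for non-interactive shells.
start_recording
```

Because script runs as the monitored user, the log file is writable by that user, so this gives a convenience record rather than tamper-resistant evidence. Kernel-side auditing such as pam_tty_audit with auditd is the stronger option where the record has to be trusted.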