[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: command logging

A couple ideas spring to mind.  The first and easiest to implement is 
process accounting.  It can be turned on within the kernel, BSD Process 
Accounting under General Setup.  The drawback there is that you don't get 
command line arguments.

Another option would be the logging that comes with something like the  
GrSecurity kernel patch.  http://www.grsecurity.net/  If you're going to 
be allowing shell access you'll probably want something like grsec 
anyway, among other things.

Hope that helps.


On Tue, Oct 28, 2003 at 10:56:53PM -0500, Dan MacNeil wrote:
> For a box that will have limited shell access, I'm looking for something
> that will log all commands. The sudo log is nice but not everything is run
> through sudo.
> There won't be many privacy issues as most users won't have shell.
> The goal is to review a daily report for anything unexpected: stuff like:
> tar -xzf rootkit.tar.gz

Reply to: