Re: command logging
A couple ideas spring to mind. The first and easiest to implement is
process accounting. It can be turned on within the kernel, BSD Process
Accounting under General Setup. The drawback there is that you don't get
command line arguments.
Another option would be the logging that comes with something like the
GrSecurity kernel patch (http://www.grsecurity.net/). If you're going to
be allowing shell access you'll probably want something like grsec
anyway, among other things.
Hope that helps.
On Tue, Oct 28, 2003 at 10:56:53PM -0500, Dan MacNeil wrote:
> For a box that will have limited shell access, I'm looking for something
> that will log all commands. The sudo log is nice but not everything is run
> through sudo.
> There won't be many privacy issues as most users won't have shell.
> The goal is to review a daily report for anything unexpected: stuff like:
>     tar -xzf rootkit.tar.gz
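
A daily report built on process accounting data, added here as an example and not part of the original message. It assumes the kernel writes 64-byte little-endian `struct acct_v3` records; `make_record`, the sample records and the `EXPECTED` allowlist are constructed for illustration. It shows the drawback named in the reply: `tar -xzf rootkit.tar.gz` is recorded only as `tar`.

```python
import struct
from collections import Counter

# Layout of struct acct_v3 in <linux/acct.h>: 64 bytes, little-endian assumed.
ACCT_V3 = struct.Struct("<BBHIIIIIIf8H16s")
ASU = 0x02  # ac_flag bit: process used superuser privileges


def parse_pacct(data):
    """Yield (uid, pid, btime, flag, comm) for each version-3 record."""
    for off in range(0, len(data) - ACCT_V3.size + 1, ACCT_V3.size):
        rec = ACCT_V3.unpack_from(data, off)
        if rec[1] != 3:  # ac_version; other record formats are skipped
            continue
        comm = rec[18].split(b"\0", 1)[0].decode("ascii", "replace")
        yield rec[4], rec[6], rec[8], rec[0], comm


def daily_report(data, expected):
    """Count (uid, command, used-superuser) tuples for commands not in `expected`."""
    hits = Counter()
    for uid, _pid, _btime, flag, comm in parse_pacct(data):
        if comm not in expected:
            hits[(uid, comm, bool(flag & ASU))] += 1
    return hits


def make_record(uid, pid, comm, flag=0, btime=1067400000):
    """Build one constructed sample record (hypothetical helper for the demo)."""
    return ACCT_V3.pack(flag, 3, 0, 0, uid, uid, pid, 1, btime, 0.0,
                        *([0] * 8), comm.encode())


# Constructed sample: what accounting would keep of a session like the one
# in the quoted message. Only the command name survives, never the arguments.
SAMPLE = b"".join([
    make_record(1001, 4100, "ls"),
    make_record(1001, 4101, "tar"),      # typed as: tar -xzf rootkit.tar.gz
    make_record(1001, 4102, "tar"),
    make_record(1001, 4103, "make"),
    make_record(0, 4104, "cat", flag=ASU),
])
EXPECTED = {"ls", "cat", "vi", "mutt"}   # site-specific allowlist (assumed)

if __name__ == "__main__":
    for (uid, comm, su), n in sorted(daily_report(SAMPLE, EXPECTED).items()):
        print(f"uid={uid} comm={comm} count={n} superuser={su}")
```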