RE: command logging
If your programmer gives you the diff could you please send it to me too?
> -----Original Message-----
> From: email@example.com [mailto:firstname.lastname@example.org]
> Sent: Wednesday, October 29, 2003 7:29 AM
> To: Dan MacNeil; email@example.com
> Subject: Re: command logging
> On Tue, Oct 28, 2003 at 10:56:53PM -0500, Dan MacNeil wrote:
> > For a box that will have limited shell access, I'm looking for something
> > that will log all commands. The sudo log is nice but not everything is
> > through sudo.
> > There won't be many privacy issues as most users won't have shell.
> > The goal is to review a daily report for anything unexpected: stuff
> > tar -xzf rootkit.tar.gz
> For several servers I maintain we took the bash code and hacked it to
> log all commands, with usernames, to a log file. Yes, it's nosy. It's
> actually called 'nosy bash' by us. It's not been sent to the bash
> maintainers at all yet, but I could see if my coder can make a diff of
> It's come in quite handy at times. Quite handy.
> "I didn't do that!"
> "Well, yes, you did. At 1:43:00 you type 'rm -rf /' "
> "No I didn't"
> "Yes, see, it's in the logs."
> "Oh.. ummm..."
> <disable account>
> "Bu bye".
> I regularly grep the log for keywords or sometimes tail it if I'm
> suspicious of someone. But for the most part, I don't ogle it
> constantly. Who has time for that?
> I'm also running grsec patches as well. Grsec didn't do the nosy bash
> like I wanted, so I'm keeping the nosy bash.
> + It's simply not | John Keimel +
> + RFC1149 compliant! | firstname.lastname@example.org +
> + | http://www.keimel.com +
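
Added example, not part of either message and not the 'nosy bash' code: a sketch of the daily keyword review the thread describes, run over a per-command log. The log format, the sample lines and the watch list are all assumptions made for illustration.

```shell
#!/bin/sh
# Assumed log format (the thread never shows the real one):
#   YYYY-MM-DD HH:MM:SS username command...

# Constructed sample log lines.
sample_log() {
cat <<'EOF'
2003-10-28 01:43:00 alice rm -rf /
2003-10-28 09:12:41 bob ls -la /home/bob
2003-10-28 09:15:02 bob tar -xzf rootkit.tar.gz
2003-10-28 10:01:17 carol vi notes.txt
2003-10-29 02:30:55 bob wget http://example.invalid/x.tgz
2003-10-29 08:00:00 alice firmware-update --check
EOF
}

# Print flagged commands for one day, then a per-user count. Log on stdin.
daily_report() {    # $1 = day, YYYY-MM-DD
    awk -v day="$1" '
    BEGIN {
        # Hypothetical watch list. Rules 1-3 only match at the start of a
        # command (after ; & or |), so "firmware-update" is not taken for rm.
        nrules = split("recursive-delete archive-unpack download keyword", label, " ")
        re[1] = "[;&|] *rm +-[A-Za-z]*[rR]"
        re[2] = "[;&|] *tar +-?[A-Za-z]*x"
        re[3] = "[;&|] *(wget|curl|ftp) "
        re[4] = "rootkit|/etc/shadow"
    }
    $1 != day || NF < 4 { next }
    {
        cmd = $0
        sub(/^[^ ]+ +[^ ]+ +[^ ]+ +/, "", cmd)    # drop date, time, user
        probe = ";" cmd                           # give the first command a separator
        hits = ""
        for (i = 1; i <= nrules; i++)
            if (probe ~ re[i]) hits = hits (hits == "" ? "" : ",") label[i]
        if (hits != "") {
            printf "%s %s [%s] %s\n", $2, $3, hits, cmd
            flagged[$3]++
        }
    }
    END { for (u in flagged) printf "# %s: %d flagged\n", u, flagged[u] }
    '
}

sample_log | daily_report 2003-10-28
```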