On Wed, 2003-10-29 at 07:11, John Keimel wrote:
> For several servers I maintain we took the bash code and hacked it to
> log all commands, with usernames, to a log file. Yes, it's nosy. It's
> actually called 'nosy bash' by us. It's not been sent to the bash
> maintainers at all yet, but I could see if my coder can make a diff of
> it.
>
> It's come in quite handy at times. Quite handy.
>
> "I didn't do that!"
> "Well, yes, you did. At 1:43:00 you type 'rm -rf /' "
> "No I didn't"
> "Yes, see, it's in the logs."
> "Oh.. ummm..."
> <disable account>
> "Bu bye".
>
> I regularly grep the log for keywords or sometimes tail it if I'm
> suspicious of someone. But for the most part, I don't ogle it
> constantly. Who has time for that?
>
> I'm also running grsec patches as well. Grsec didn't do the nosy bash
> like I wanted, so I'm keeping the nosy bash.

What if the user compiles zsh (or there is something similar) and uses it? Or finds a way that doesn't use bash to execute his commands?

I've thought of doing something like this in the ssh server, but ended up implementing it in the ssh client, because of the requirements...