[SunHELP] trace root commands
sunhelp at sunhelp.org
sunhelp at sunhelp.org
Wed Nov 7 08:59:05 CST 2001
I've hacked GNU bash to log everything everyone does, with timestamps.
You are welcome to a copy of the source, available (http only please)
from
http://avoidant.org/sh_bash.tgz
Sorry, but it's 1.14.7. I'm working on 2.0, but it's not thoroughly
tested enough for release yet.
I know, most of you don't use bash for root's shell. I also know why,
and if you build this one statically and strip it, you'll be safe. If
you don't like the idea, come up with a different one.
The only problem with my version of bash is the fact that you lose
previous history when you log out. I had to do that, or it would feed
all of it into the log every time you log in. If that bothers you,
sorry, but once again, find a better way.
---sambo
Steve Wingate wrote:
>
> You should either set the root shell config files to not clobber the history or
> disable root logins and force everyone to use sudo. This would log everything run by sudo and tell you who did it, if you configure it to.
> I've seen client boxes with a history nearly 1,000 commands long, although that doesn't tell you when something was run.
>
> On Tue, 06 Nov 2001 15:28:31 -0200
> "massaki" <massaki at fujitsu.com.br> wrote:
>
> > Hi all,
> >
> > Is it possible to trace all root or user commands that have
> > been issued in a period of time ?
> >
> > Does solaris keep track of this information other than history?
> >
> > Please let me know.
> > _______________________________________________
More information about the SunHELP
mailing list