Mailing List Archive



Re: [tlug] comand-line recording...



On Saturday 26 September 2009 15:09:11 Bruno Raoult wrote:
> I need (from compliance) to get a log of all commands typed by some
> users...
>
> Of course, "script" will do the job, but the output of the commands is
> also there... I just want commands.
> And of course, as I said it is a compliance need, I cannot have write
> access to the log file...

Easy solution: auditd provides exec logging with arguments.

http://people.redhat.com/sgrubb/audit/
http://linux.die.net/man/8/ausearch

The `ausearch` example on the following page illustrates how the EXECVE log 
captures what you are asking for above.

http://alchy.org/index.php?entry=entry071219-114150

If you want a `history` style report, you could easily write a script to 
format output from `ausearch` as you desire.

Alternate solution: grsecurity also provides exec logging with arguments.

http://grsecurity.org/

I do not recommend the hacks that are being discussed in other branches of 
this thread.  If you consider those, you may as well just ask the developers 
to avoid messing with their history and read the commands from the history 
files, because any user who wants to circumvent the "auditing" could easily 
do so.

Travis
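
A sketch of the `history`-style formatter suggested in the message above. This is an added example, not part of the original post or of the audit tools. It assumes the records are in the raw audit log format (as produced by `ausearch --raw`), that long arguments split across several fields are not present, and the names `history`, `decode_arg` and the sample records are made up for illustration.

```python
import re
import shlex
from datetime import datetime, timezone

# Constructed sample records in the raw audit log format; the key name
# "exec_log" and all ids are made up for this example.
SAMPLE = """\
type=SYSCALL msg=audit(1253945351.120:101): arch=c000003e syscall=59 success=yes exit=0 ppid=2100 pid=2101 auid=1001 uid=1001 comm="ls" exe="/bin/ls" key="exec_log"
type=EXECVE msg=audit(1253945351.120:101): argc=3 a0="ls" a1="-l" a2="/tmp"
type=SYSCALL msg=audit(1253945360.500:102): arch=c000003e syscall=59 success=yes exit=0 ppid=2100 pid=2102 auid=1001 uid=0 comm="rm" exe="/bin/rm" key="exec_log"
type=EXECVE msg=audit(1253945360.500:102): argc=2 a0="rm" a1=6D792066696C65
"""

HEAD = re.compile(r"^type=(\w+) msg=audit\((\d+)\.(\d+):(\d+)\): (.*)$")
ARG = re.compile(r'\ba(\d+)=("[^"]*"|[0-9A-Fa-f]+)')
IDS = re.compile(r"\b(auid|uid)=(\d+)")

def decode_arg(value):
    """Quoted values are literal; unquoted ones are hex-encoded by the kernel."""
    if value.startswith('"'):
        return value[1:-1]
    return bytes.fromhex(value).decode("utf-8", "replace")

def history(raw):
    """Return (utc_time, auid, uid, command_line) for every exec event."""
    events = {}  # (sec, msec, serial) -> fields merged from SYSCALL + EXECVE
    for line in raw.splitlines():
        m = HEAD.match(line)
        if not m:
            continue
        rtype, sec, msec, serial, body = m.groups()
        ev = events.setdefault((int(sec), int(msec), int(serial)), {})
        if rtype == "SYSCALL":
            # auid is the login uid; it stays the same after su/sudo.
            ev.update((k, int(v)) for k, v in IDS.findall(body))
        elif rtype == "EXECVE":
            args = sorted((int(i), v) for i, v in ARG.findall(body))
            ev["argv"] = [decode_arg(v) for _, v in args]
    rows = []
    for key in sorted(events):
        ev = events[key]
        if "argv" in ev:
            when = datetime.fromtimestamp(key[0], timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
            rows.append((when, ev.get("auid"), ev.get("uid"), shlex.join(ev["argv"])))
    return rows

if __name__ == "__main__":
    for when, auid, uid, cmd in history(SAMPLE):
        print(f"{when} auid={auid} uid={uid} {cmd}")
```

The second sample event shows why the report keeps both ids: the command ran as uid 0, but auid still names the account that logged in.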

