Re: [tlug] comand-line recording...

[Christian Horn <chorn@example.com>]

On Mon, Sep 28, 2009 at 03:58:09PM +0900, Bruno Raoult wrote:
>
> [auditing requiremente]

Reading you requirements, maybe rootsh does a big share of what you need.
Here users can execute rootsh as the role-users (i.e. apache) via sudo.
rootsh transmits the useractions as syslog-messages or into a logfile.


> Typing "sudo" for each command is painful. And there are still
> numerous cases where
> we will loose information (for instance ":sh" in vi, which is very common).

Also logged by rootsh:
rootsh[00cc1]: root: root=tester,/dev/pts/0: logging new login session (rootsh[00cc1])
rootsh[00cc1]: root: 000: [tester@example.com ~]$ vi myfile
appnfs rootsh[00cc1]: root: 001: ?1049l..sh[?25h
appnfs rootsh[00cc1]: root: 002: [tester@example.com ~]$ ls
appnfs rootsh[00cc1]: root: 003: [tester@example.com ~]$ id


On Mon, Sep 28, 2009 at 06:58:05PM +0900, Curt Sampson wrote:
> 
> [...]
> I typed "ec^Hcho foo" and, no surprise, the word "echo" does not appear
> in the script file.

appnfs rootsh[00cc1]: root: 012: Kcho foo


Ofcourse, the complete farm-management solution where you check
in your changes into a VersioningSystem and push it onto the servers
via puppet/cfengine is great, just environment isnt homogeneous 
enough over here yet.


Christian