Root shell with logging
Michael Velez
mikev777 at hotmail.com
Wed Apr 25 07:31:13 UTC 2007
> Hi all,
>
> due to security contraints I am looking for a shell that logs
> all commands that are invoked by the user, in particular if
> the user has become root. I found two (non-RedHat)
> approaches: sudosh and rootsh. Sudosh seems to be a pretty
> good tool, unfortunately it logs also passwords in clear-text
> format. Rootsh not only logs keystrokes but also all the
> output to syslogd and fills up our log files . So, both tools
> are not suitable for us. At the moment we just copy the
> .bash_history file if a user logs out. But this is not
> absolutely reliable.
>
> Are there any other approaches? Could someone please point me
> to a usable solution for this issue?
>
> Thanks,
> Oliver Fenker
I've never used rootsh myself but doesn't it have an option, --no-syslog,
which prevents logging to the syslog file? You could recompile rootsh
forcing the --no-syslog option. You can find the source code in
SourceForge.
HTH,
Michael
More information about the redhat-list
mailing list