Root shell with logging
Michael Velez
mikev777 at hotmail.com
Wed Apr 25 09:07:16 UTC 2007
> > Hi all,
> >
> > due to security contraints I am looking for a shell that logs all
> > commands that are invoked by the user, in particular if the
> user has
> > become root. I found two (non-RedHat)
> > approaches: sudosh and rootsh. Sudosh seems to be a pretty
> good tool,
> > unfortunately it logs also passwords in clear-text format.
> Rootsh not
> > only logs keystrokes but also all the output to syslogd and
> fills up
> > our log files . So, both tools are not suitable for us. At
> the moment
> > we just copy the .bash_history file if a user logs out. But this is
> > not absolutely reliable.
> >
> > Are there any other approaches? Could someone please point me to a
> > usable solution for this issue?
> >
> > Thanks,
> > Oliver Fenker
>
> I've never used rootsh myself but doesn't it have an option,
> --no-syslog, which prevents logging to the syslog file? You
> could recompile rootsh forcing the --no-syslog option. You
> can find the source code in SourceForge.
>
> HTH,
> Michael
>
Actually, I quickly double-checked a suspicion I had. You can recompile the
code with logging to syslog disabled. Download the source code and run the
/configure command with the --disable-syslog option and then run a make.
That should do it.
Michael
More information about the redhat-list
mailing list