Robert, Thanks for the suggestion. nope no x sessions to worry about. not even too worried about users being able to kill it. Most are not knowledgeable users. The purpose is to answer questions like: USER: What happened to file X, who deleted it? Why do my files disappear? SYSADMIN: Let me take a look. Looks like you deleted it right here..see.
script seemed like a perfect solution until we noticed that it was not running user profiles. The command calling script in /etc/profile was not allowing the user profiles to run. .bash_profile would not run but .bashrc would. I guess script intercepted the login process not allowing it to finish. The other thing we noticed is that you need to logout one more time. first one exits script second one exits session. Believe the below way works around this as well. One idea was to use a shell wrapper. so in /etc/passwd your shell would be /usr/local/logger. logger would call script and bash/sh/ksh. Haven't looked into this further is see how much work this is. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Robert Campbell Sent: Wednesday, March 09, 2005 2:48 PM To: CLUG General Subject: Re: [clug-talk] logging users sessions A quick google brought up the "script" command I would look into this, and if it is what you want place it into the /etc/profile stuff so that it starts automatically on login. not very secure as users could kill script... but can be done. Maybe you could do a "su - root -c script <some parameters> in the login so that users can't kill it.... or execute a setuid bourne shell script wrapper even. On Wed, 2005-03-09 at 14:25, Robert Campbell wrote: > Do users have X access over the ssh tunnel, if so logging could be > difficult? > > On Wed, 2005-03-09 at 11:16, [EMAIL PROTECTED] wrote: > > I'm looking for a means to log user sessions. Does anyone have any > > experience with this? What software did you use to do it? > > > > user ssh's in > > any command they type gets echoed to something like /var/log/...... > > I don't want this to be optional > > I want this to work with multiple shells (sh, bash, ksh, etc) > > > > thanks > > sig > > > > > > Found the following but have yet to look at them on more detail. > > http://people.consol.de/~lausser/rootsh/rootsh.html > > http://sudosh.sourceforge.net/ > > http://www.egbok.com/sudoscript/ > > http://foosh.sourceforge.net/ > > http://e133.enemy.cx/xSH-paranoia/ > > > > > > > > _______________________________________________ > > clug-talk mailing list > > [email protected] > > http://clug.ca/mailman/listinfo/clug-talk_clug.ca > > Mailing List Guidelines (http://clug.ca/ml_guidelines.php) > > **Please remove these lines when replying > > > _______________________________________________ > clug-talk mailing list > [email protected] > http://clug.ca/mailman/listinfo/clug-talk_clug.ca > Mailing List Guidelines (http://clug.ca/ml_guidelines.php) > **Please remove these lines when replying _______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying _______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
