Looks like we have found a tool that will work for logging user CLI sessions. Thought I would share what we have done so far.
Our requirements: Cross platform capable Works with ssh (no X access) Any command they type gets echoed to something like /var/log/...... We don't want this to be optional We want this to work with multiple shells (sh, bash, ksh, etc) The more transparent the better http://people.consol.de/~lausser/rootsh/rootsh.html we complied this and installed it. cat /etc/profile ... ... # if uid number does not = 0 or 10 or 300 then run logger script if [[ ! "`id -u`" = "0" && ! "`id -u`" = "10" && ! "`id -u`" = "300" ]]; then /usr/local/sbin/logger exit fi cat /usr/local/sbin/logger #!/usr/local/bin/bash USER=`id -u -n` SHELL=`grep $USER /etc/passwd | sed s/.*://` DATE=`date '+%Y%m%d.%H%M%S'` HOST=`hostname` LOGPATH="/unix_data/log/rootfs" if [[ $SHELL == "/usr/local/bin/bash" ]] then PROFILE="${HOME}/.bash_profile" else if [[ $SHELL == "/usr/bin/ksh" ]] then PROFILE="${HOME}/.profile" fi fi if [ -e "${PROFILE}" ] then /usr/local/bin/rootsh -f $LOGPATH/$DATE.$HOST.$USER.script --no-syslog -- ". $PROFILE; $SHELL" else /usr/local/bin/rootsh -f $LOGPATH/$DATE.$HOST.$USER.script --no-syslog -- "$SHELL" fi We are still testing it. We have had it running for about 5 days on a AIX host and a Linux host. Each login generates a new log file. When they logout rootsh attaches a .closed to the end of the log file. This makes for easier log rotations. sig -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Magnuson, Sig Sent: Wednesday, March 09, 2005 11:17 AM To: [email protected] Subject: [clug-talk] logging users sessions I'm looking for a means to log user sessions. Does anyone have any experience with this? What software did you use to do it? user ssh's in any command they type gets echoed to something like /var/log/...... I don't want this to be optional I want this to work with multiple shells (sh, bash, ksh, etc) thanks sig Found the following but have yet to look at them on more detail. http://people.consol.de/~lausser/rootsh/rootsh.html http://sudosh.sourceforge.net/ http://www.egbok.com/sudoscript/ http://foosh.sourceforge.net/ http://e133.enemy.cx/xSH-paranoia/ _______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying _______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
