
Logging is the act of creating or monitoring a log file.

See:

See also:

acct

PAM: Add this line to the PAM config responsible for logins (it's system-auth on Red Hat based distros)

session    required     pam_tty_audit.so enable=*

pam_tty_audit: To find out what was done, you can use:

$ ausearch -ts <some_timestamp> -m tty -i

This produces an output like this:

type=TTY msg=audit(11/30/2011 15:38:39.178:12763684) : tty pid=32377 uid=root
auid=matthew major=136 minor=2 comm=bash data=<up>,<ret>

The only downside to this is that it can be a little bit difficult to read, but it is much better than most proposed solutions since in theory it could be used to record an entire session, warts and all.

Edit: Oh and you can use aureport to generate a list that can be more helpful.

# aureport --tty
...
12. 11/30/2011 15:50:54 12764042 501 ? 4294967295 bash "d",<^D>
13. 11/30/2011 15:52:30 12764112 501 ? 4294967295 bash "aureport --ty",<ret>
14. 11/30/2011 15:52:31 12764114 501 ? 4294967295 bash <up>,<left>,<left>,"t",<ret>
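The records above are hard to read because they store keystrokes rather than the command that finally ran. The following added example (not part of the original page) replays the data= field of `ausearch -m tty -i` records to rebuild the submitted line. It is a heuristic: it models only the keys shown on this page and assumes that <up> recalls the previous line logged on the same terminal; the sample records are constructed from the values above.

```python
import re

# Constructed sample: records in the `ausearch -m tty -i` layout shown above,
# one per line, reusing the data= values from the aureport listing.
SAMPLE = """\
type=TTY msg=audit(11/30/2011 15:52:30.000:12764112) : tty pid=32377 uid=root auid=matthew major=136 minor=2 comm=bash data="aureport --ty",<ret>
type=TTY msg=audit(11/30/2011 15:52:31.000:12764114) : tty pid=32377 uid=root auid=matthew major=136 minor=2 comm=bash data=<up>,<left>,<left>,"t",<ret>
"""

RECORD = re.compile(r"type=TTY msg=audit\((?P<when>[^)]+):(?P<serial>\d+)\) : tty (?P<fields>.*?) data=(?P<data>.*)$")
TOKEN = re.compile(r'"([^"]*)"|<([^>]+)>')  # quoted literal text, or a named key

def replay(data, history):
    """Replay one data= field against this terminal's history (heuristic).

    Returns [(line, certain)] for every line submitted with <ret>.
    """
    buf, cur, pos, lines, certain = "", 0, len(history), [], True
    for tok in TOKEN.finditer(data):
        if tok.lastindex == 1:                       # literal text: insert at cursor
            buf = buf[:cur] + tok.group(1) + buf[cur:]
            cur += len(tok.group(1))
        elif tok.group(2) == "up" and pos > 0:       # recall an earlier logged line
            pos -= 1
            buf, cur = history[pos], len(history[pos])
        elif tok.group(2) == "left":
            cur = max(0, cur - 1)
        elif tok.group(2) == "ret":                  # line submitted to the shell
            lines.append((buf, certain))
            if buf:
                history.append(buf)
            buf, cur, pos, certain = "", 0, len(history), True
        else:                                        # unmodelled key, or <up> with no history
            certain = False
    return lines

def reconstruct(log_text):
    """Return [(when, auid, command, certain)] for every submitted line."""
    histories, out = {}, []
    for line in log_text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue
        f = dict(kv.split("=", 1) for kv in m.group("fields").split())
        hist = histories.setdefault((f.get("auid"), f.get("major"), f.get("minor")), [])
        for cmd, certain in replay(m.group("data"), hist):
            out.append((m.group("when"), f.get("auid"), cmd, certain))
    return out

if __name__ == "__main__":
    for row in reconstruct(SAMPLE):
        print(row)
```

A result with certain set to False means the record alone does not show what was executed, for example an <up> whose recalled line was typed before auditing started.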

See also:

  • script
  • bash-BOFH: patching and recompiling: works well but needs a new patch for each release of bash
  • snoopy: logs all commands except shell builtins
  • rootsh/sniffy/ttyrpld/tysnoop: logs everything, also output of commands, it may be useful but it generates very verbose logs
  • grsecurity: patched kernels: powerful but it may not be a suitable solution if an official kernel is required (e.g. for Oracle DB)
  • there is also an old 'sshd' patch (http://www.kdvelectronics.eu/ssh-logging/ssh-logging.html)
  • ‘screen -x’ can also be useful for cooperation work, but it is not a command logger


Paid: