[logs] How to log - commands and file access

Cesare tensi at mclink.it
Sun Mar 2 23:24:40 PST 2008


Hi David,

For tracing and intercepting all commands sent by CLI you can try "sudosh" 
or "sudosh2" (the latter is the new source tree). It works as the shell for 
the target username; every command the user types within the root shell is 
logged, as well as the output, and the log-in and log-out are logged through syslog.

The "sudosh" (or "sudosh2") shell, after the username logs in on the 
system, forks the system shell defined as "default shell" in 
the config file. I installed it on each system where I installed the "sudo" 
application.

More on: http://sourceforge.net/projects/sudosh2/

Cesare

david.bigot at devoteam.com wrote:
>
> Hello,
>
> I want to know, for a customer, how to log automatically on UNIX and 
> Linux systems:
> - all commands executed (in BASH, ZSH & co ...). I know about the file 
> ~/.(ba)sh_history but I prefer a global file or through syslog.
> - all file access by process and username in real time (not static) or, 
> if that's not possible, which process and username access some files 
> (or directories) like /etc/shadow, /data/ ...
>
> Regards,
> ----------------------------------------------------------------------
> David Bigot - Security Consultant
> Apogée Communications - Groupe DEVOTEAM
> 86, rue Anatole France
> 92300 Levallois-Perret
> telephone: ()1.41.49.58.04
> email: david.bigot at apogee-com.fr

