[clug] Shell handler/monitor

Daniel Smith drs at dreamcraft.com.au
Wed Mar 24 11:20:08 GMT 2004


On Wed, Mar 24, 2004 at 09:12:55PM +1100 or thereabouts, Brad Hards wrote:
> On Wed, 24 Mar 2004 20:59 pm, Grant Morphett wrote:
> > I don't know the exact label or title of what I want but it's basically some
> > sort of shell event handler.  Essentially I am looking for a shell (bash
> > like) or something to hook onto a shell where I can configure loads of
> > events to happen on various things.  I also need a high level of detailed
> > control.  i.e. I would like to be able to stop certain users from running
> > the "rm" command or the chmod command.  I would also like to be able to
> > send logs or SNMP messages every time a user does something that I am
> > interested in i.e. perhaps send an SNMP message of every command a
> > particular user enters.   That sort of stuff.  Any ideas?
> restricted shell (aka rbash, or bash --restricted) plus some wrapper scripts / 

That, a limited path (plus perms that prevent use of standard
tools) and use wrapper scripts that call sudo (set NOPASSWD)
to do anything you want logged.

i.e.
/rpath/bin/dostuff

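#!/bin/rsh
# <magic no break command>
# "$@" hands each argument to sudo unchanged; unquoted $* would
# re-split arguments on whitespace and expand globs.
sudo -u realuser /usr/local/bin/dostuff "$@"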

and /etc/sudoers contains

ruser	hostname = (realuser) NOPASSWD: /usr/local/bin/dostuff

All invocations of dostuff will generate a syslog with
all arguments in the logfile.

Read sudo(8) and sudoers(5) before you use this in anger.
And use visudo to edit your sudoers file; it picks up
syntax errors before they bite you.

Now that I think about this; chroot them as well, and set the
perm on the $CHROOT/usr/bin directory to prevent them running
stuff they shouldn't.

Enjoy
Daniel
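
An added example, not part of the original message: a small filter that turns the sudo syslog records described above into one line per event for a watched user, including attempts that sudoers refused. It assumes sudo's default syslog record layout; the log lines are constructed samples and `audit_sudo` / `sample_log` are hypothetical names.

```shell
#!/bin/sh
# Constructed sample lines in sudo's default syslog layout (not real logs).
sample_log() {
cat <<'EOF'
Mar 24 11:20:08 hostname sudo:    ruser : TTY=pts/1 ; PWD=/home/ruser ; USER=realuser ; COMMAND=/usr/local/bin/dostuff report.txt --verbose
Mar 24 11:21:40 hostname sudo:    ruser : command not allowed ; TTY=pts/1 ; PWD=/home/ruser ; USER=realuser ; COMMAND=/bin/rm -rf /tmp/x
Mar 24 11:22:03 hostname sshd[812]: Accepted publickey for ruser from 192.0.2.10 port 50022 ssh2
Mar 24 11:23:17 hostname sudo:    admin : TTY=pts/2 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/visudo
EOF
}

# audit_sudo USER
# Reads syslog text on stdin and prints, for each sudo record by USER:
#   status|run-as user|command with all arguments
# status is "ok" for a permitted command, otherwise sudo's refusal reason.
audit_sudo() {
    awk -v who="$1" '
    match($0, / sudo(\[[0-9]+\])?: +/) {
        rec = substr($0, RSTART + RLENGTH)      # text after the "sudo:" tag
        c = index(rec, " ; COMMAND=")           # COMMAND= is always the last field
        s = index(rec, " : ")                   # separates the invoking user
        if (c == 0 || s == 0 || s > c) next     # not a command record
        if (substr(rec, 1, s - 1) != who) next  # different invoking user
        cmd = substr(rec, c + 11)               # keep arguments verbatim
        n = split(substr(rec, s + 3, c - s - 3), f, " ; ")
        status = "ok"; runas = "?"
        for (i = 1; i <= n; i++) {
            if (f[i] ~ /^USER=/) runas = substr(f[i], 6)
            else if (f[i] !~ /^[A-Z]+=/) status = f[i]   # e.g. "command not allowed"
        }
        print status "|" runas "|" cmd
    }'
}

# Demonstration on the constructed sample.
sample_log | audit_sudo ruser
```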

