[clug] bash history > syslog working :)
Edward Lang
edlang at edlang.org
Tue Aug 5 00:58:35 GMT 2008
Hi,
On Tue, Aug 5, 2008 at 10:27 AM, Daniel Pittman <daniel at rimspace.net> wrote:
> "Ron Trujillo" <ron.trujillo at critrade.com> writes:
>> I was able to get most commands to log correctly. So one issue
>> down.... But, the only way it will log messages is if the user always
>> uses the default shell. If they switch to use bash when their default
>> is ksh then only commands run under ksh will be logged. At this point
>> I am unsure on how to resolve that. Any Ideas???
>
> [...]
>
> If you /really/ need to see each command run consider using some sort of
> appropriate tool. Otherwise, simply accept that many commands will
> never be visible to your remote logging.
>
AIX's Trusted Computing Base (TCB) is the appropriate tool:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp?topic=/com.ibm.aix.security/doc/security/selecting_audit_events.htm
Poking around in /etc/security/audit/config , the general, files and
objects classes are probably the most relevant to logging someone's
shell usage.
But yeah, TCB...
- Edward.
--
Edward C. Lang
Photos: http://www.flickr.com/photos/edlang/
More information about the linux
mailing list