[clug] bash history > syslog working :)

Edward Lang edlang at edlang.org
Tue Aug 5 00:58:35 GMT 2008


On Tue, Aug 5, 2008 at 10:27 AM, Daniel Pittman <daniel at rimspace.net> wrote:
> "Ron Trujillo" <ron.trujillo at critrade.com> writes:
>> I was able to get most commands to log correctly. So one issue
>> down....  But, the only way it will log messages is if the user always
>> uses the default shell. If they switch to use bash when their default
>> is ksh then only commands run under ksh will be logged.  At this point
>> I am unsure on how to resolve that.  Any Ideas???
> [...]
> If you /really/ need to see each command run consider using some sort of
> appropriate tool.  Otherwise, simply accept that many commands will
> never be visible to your remote logging.

AIX's Trusted Computing Base (TCB) is the appropriate tool:

Poking around in /etc/security/audit/config , the general, files and
objects classes are probably the most relevant to logging someone's
shell usage.

But yeah, TCB...

 - Edward.

Edward C. Lang

Photos: http://www.flickr.com/photos/edlang/

More information about the linux mailing list