Re: Logging command line

From: Ignacio Vidal (ividal@BIYCSA.COM.AR)
Date: Wed Oct 01 2003 - 16:27:41 EDT

• Next message: Patrick B. O'Brien: "5L installp errors"
• Previous message: John Jolet: "Re: Auto-negotiate on a Gigabit Ethernet card"
• Maybe in reply to: Ignacio Vidal: "Logging command line"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I was between some options...
The fist one: using something similar to HISTSIZE and .sh_history
or
enabling auditing (as John Jolet pointed)
or
using sudo's log file (after enabling "sudo ksh" for a user)

BTW we've auditing enabled in the servers, so I'll see how to use less auditable objects for this.
Thanks

Ignacio

> -----Mensaje original-----
> De: Bill Verzal [mailto:BVerzal@KOMATSUNA.COM]
> Enviado el: Wednesday, October 01, 2003 12:00 PM
> Para: aix-l@Princeton.EDU
> Asunto: Re: Logging command line
>
>
> $HOME/.sh_history. But if they "su", it will change.
>
> BV
> --------------------------------------------------------
>
> Bill Verzal
> AIX Administrator, Komatsu America
> (847) 970-3726 - direct
> (847) 970-4184 - fax
>
>
> |---------+---------------------------->
> | | "Taylor, David" |
> | | <DTaylor@WBMI.COM|
> | | > |
> | | Sent by: IBM AIX |
> | | Discussion List |
> | | <aix-l@Princeton.|
> | | EDU> |
> | | |
> | | |
> | | 10/01/2003 09:28 |
> | | AM |
> | | Please respond to|
> | | IBM AIX |
> | | Discussion List |
> | | |
> |---------+---------------------------->
>
> >-------------------------------------------------------------
> ------------------------------------------------------------------|
> |
> |
> | To: aix-l@Princeton.EDU
> |
> | cc:
> |
> | Subject: Re: Logging command line
> |
>
> >-------------------------------------------------------------
> ------------------------------------------------------------------|
>
>
>
>
> Take a look at the "script" command
>
> David
>
> -----Original Message-----
> From: Ignacio Vidal [mailto:ividal@BIYCSA.COM.AR]
> Sent: Wednesday, October 01, 2003 9:25 AM
> To: aix-l@Princeton.EDU
> Subject: Logging command line
> Importance: High
>
> Hello:
> I was required to log user's activity for security auditing purposes.
> How can I "track" all commands written in a shell's command line?
>
> I believe that I can use "/usr/local/bin/sudo -u <username>
> /usr/bin/ksh" as the user shell, and take sudo's log file for this
> purpose... does anyone have any suggestion?
>
> Thanks in advance!!
> Regards
>
> Ignacio
>
>
> **********************************************************************
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote also confirms that this email message has been swept by
> MIMEsweeper for the presence of computer viruses.
>
> www.mimesweeper.com
> **********************************************************************
>

• Next message: Patrick B. O'Brien: "5L installp errors"
• Previous message: John Jolet: "Re: Auto-negotiate on a Gigabit Ethernet card"
• Maybe in reply to: Ignacio Vidal: "Logging command line"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:17:15 EDT