RE: Root shell with logging


Hi all,

due to security contraints I am looking for a shell that logs all
commands that are invoked by the user, in particular if the
user has
become root. I found two (non-RedHat)
approaches: sudosh and rootsh. Sudosh seems to be a pretty
good tool,
unfortunately it logs also passwords in clear-text format.
Rootsh not
only logs keystrokes but also all the output to syslogd and
fills up
our log files . So, both tools are not suitable for us. At
the moment
we just copy the .bash_history file if a user logs out. But this is
not absolutely reliable.

Are there any other approaches? Could someone please point me to a
usable solution for this issue?

Thanks,
Oliver Fenker

I've never used rootsh myself but doesn't it have an option,
--no-syslog, which prevents logging to the syslog file? You
could recompile rootsh forcing the --no-syslog option. You
can find the source code in SourceForge.

HTH,
Michael


Actually, I quickly double-checked a suspicion I had. You can recompile the
code with logging to syslog disabled. Download the source code and run the
/configure command with the --disable-syslog option and then run a make.

That should do it.

Michael

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list