February 25th, 2003, 12:48 PM
Logging all commands
Good Afternoon Everyone.
As most are aware, on the majority of *Nix Systems, all accounts have a history file that logs what they type.
The problem I have with this, is that certain users connect, then SU to other users, and issue commands. History does not differentiate between those that logged in as the account and those that su-ed to the account.
Is there any way of logging these?
Can a connection history be logged to one file, no matter if they su-ed to another account?
Any help, suggestions, tips are most welcome.
Pink ribbon scars, That never forget
I tried so hard, To cleanse these regrets
My angel wings, Were bruised and restrained
My belly stings
February 25th, 2003, 01:01 PM
I don't think that can be done..
But then again.. what do I know
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio
the best station for C64 Remixes !
March 19th, 2003, 08:56 AM
not by default.. although you could code an LKM to log keys pressed, but this is messy. when a user su's to another account, the history will go into that account's history file.
March 19th, 2003, 09:12 AM
you can use keylogger if your want. try www.invisblekeylogger.com
March 19th, 2003, 10:22 AM
Actually, there is something that's being used by the HoneyNet Project. And it's a special bash shell keylogger.
This patch relies on syslogd.
This second patch doesn't. The keystrokes can be sent elsewhere via UDP, ensuring that if the localhost's syslog get's pooched there still is a record of activity.