October 22nd, 2010, 08:24 PM
Need to see what ther Root users are doing while logged in to terminal
I have a server that i need to monitor what the .bash_history file for the root user already logged in to the server
I am logged in as root and have another person logged on as root and i want to monitor what they are doing:
root ? :0 2010-10-19 11:54
root + pts/1 2010-10-22 02:27 (192.168.170.1)
root + pts/2 2010-10-19 11:59 (:0.0)
root + pts/3 2010-10-22 03:41 (192.168.170.1)
I am using pts/1 and other person is using pts/3 i want to see what they are doing and need to know how to do this with out scripting something to monitor activity.
October 23rd, 2010, 10:57 AM
1. Why are two people logged in as root, come to think of it, why is anybody logged in as root?
2. Is this a legitimate root user or an intruder. The reason I ask is that it is reasonable to expect that if it is an intruder, they will attempt to obfuscate their activities and delete any evidence of what they have done?
3. Is this a local access or remote?
4. Is the requirement for historical, real time or both data?
If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?
October 23rd, 2010, 02:44 PM
Not sure if this is what you want, but try this...
watch -n 10 -d ls -l /root/.bash_history
This watch command will run every 10 seconds and display the differences in the bash history file that have occurred since the last run of this command.
However, you wont be able to ascertain which commands were executed by the various root sessions. It will simply tell you the commands that have been executed by user root. This will run real time.
In God We Trust....Everything else we backup.
By gore in forum The Security Tutorials Forum
Last Post: March 16th, 2005, 10:33 PM
By Noble Hamlet in forum AntiOnline's General Chit Chat
Last Post: March 17th, 2002, 09:38 AM
By ac1dsp3ctrum in forum AntiOnline's General Chit Chat
Last Post: February 17th, 2002, 10:52 AM
By Matty_Cross in forum Security Archives
Last Post: January 4th, 2002, 05:21 PM
By UberC0der in forum Security Archives
Last Post: December 28th, 2001, 10:16 PM