-
Logging all commands
Good Afternoon Everyone.
As most are aware, on the majority of *Nix Systems, all accounts have a history file that logs what they type.
The problem I have with this is that certain users connect, then su to other users, and issue commands. History does not differentiate between those that logged in as the account and those that su-ed to the account.
Is there any way of logging these?
Can a connection history be logged to one file, no matter if they su-ed to another account?
Any help, suggestions, tips are most welcome.
Thanks
-
I don't think that can be done..
But then again.. what do I know ;)
-
Not by default... although you could code an LKM to log keys pressed, but this is messy. When a user su's to another account, the history will go into that account's history file.
-
You can use a keylogger if you want. Try www.invisblekeylogger.com
-
Actually, there is something that's being used by the HoneyNet Project. And it's a special bash shell keylogger.
This patch relies on syslogd.
http://www.honeynet.org/papers/honey...ols/bash.patch
This second patch doesn't. The keystrokes can be sent elsewhere via UDP, ensuring that if the localhost's syslog gets pooched there still is a record of activity.
http://www.honeynet.org/papers/honey...sh-anton.patch