
Re: Script Command

jijujose
Occasional Advisor

Script Command

I am using the script command to log whatever the user does after he logs in. I have put the command in his .profile.
script -a /tmp/users/user.`date +%d%t`
The problem is that when he logs in he can see the message - Script started, file is /tmp/users/user.`date +%d%t`
Since the script is being executed by his .profile, he can edit the log file & make any changes. How do I deny the user from editing the script log file?
16 REPLIES 16
larsoncu
Advisor

Re: Script Command

Isn't there a -q option to suppress that message?
jijujose
Occasional Advisor

Re: Script Command

Where do I put that option -q?
It's giving

script: illegal option -- q

Glenn S. Davidson
Trusted Contributor

Re: Script Command

Maybe some experimentation is needed here.

I would try to run it from an alias to see if the alias is echo'd instead of the script command. Maybe putting the script command at the top of the copyright/motd so it scrolls off the screen. If you just need the shell history maybe 'tee' would be better?

You might also check the porting archive:

http://hpux.cs.utah.edu/

to see if there is a better solution. I would caution you about the use of these types of tools to invade users' privacy. There should be a pretty good reason for doing something like this.
Conformity Destroys a man's initiative and independence. It suppresses his powerful inner drive to do his own thing.
larsoncu
Advisor

Re: Script Command

ooops
sorry there is no -q on hpux, there is on aix
jijujose
Occasional Advisor

Re: Script Command

Thanks Glenn, this is for auditing purposes.
The data is very sensitive & there are many users who have access to the system.
I tried to change the permission of the dir to root & just give execute permission to the output file. That fails since it should have a write permission for logging activities. Is there any way I can hide the command from getting displayed on the screen whenever the user logs in? The command is in his .profile so it will execute whenever the user logs in.
larsoncu
Advisor

Re: Script Command

Like Glenn suggested, put it in /etc/profile and not the user's .profile

in profile do something like
if [[ $USER = user ]] ;then
script -a file
clear
fi

copyright
motd
etc

you could also write to a pipe then create a process that only you can read from it.

using a pipe they wouldn't be able to modify any of the information, but being they would have write permission to the pipe they could feed you bogus information to confuse you.
larsoncu
Advisor

Re: Script Command

you could also put the script command between stty commands

stty -echo #turn echoing to the screen off
script -a file
stty echo # turn echoing on
Dennis Handly
Acclaimed Contributor

Re: Script Command

>larsoncu: you could also put the script command between stty commands
stty -echo

This just turns off echoing of user input, not output in general.

Also, when you use script, I think it won't read any other commands after it.
Tor-Arne Nostdal
Trusted Contributor

Re: Script Command

larsoncu
- also proposes to run a clear command after script -a
This won't work either, as the clear command won't be executed until the script is terminated (exit or Ctrl+D)

I assume you would need an 'exit' immediately after the script command to ensure that the user does not simply exit the script and continue working in the original login shell

If you want to audit 'what the users do' it might be an option to put a tail on their history file(s). This could run as a continuous process from the root user and collect to some audit logfiles.
You will only get their commands - and not all the output (which might be unnecessary anyway).

/Tor-Arne
I'm trying to become President of the state I'm in...
jijujose
Occasional Advisor

Re: Script Command

Thanks for all the information. Tor, can you give me the tail command? I tried the tail -f & output to a different file in the .profile. I also used cat .sh_history > /tmp/users/usr.`date +%d%m` It's creating a file which I can't access. When I tried to vi or cat the file in /tmp/usrs/usr it says no such file.
I tried using stty -echo, script & stty echo but the command is still getting displayed on the screen
stty -echo
script -a /tmp/users/usr.`date +%d%m`
stty echo
exit
logout
stty echo
clear
Dennis Handly
Acclaimed Contributor

Re: Script Command

>Tor can you give me the tail command. I tried the tail -f & output to a different file in the .profile. I also used cat .sh_history > /tmp/users/usr.`date +%d%m`

The tail would just be:
$ tail -f ~/.sh_history >> /tmp/users/usr.$(date +%d%m)
(And possibly something that includes the user's name?)

>It's creating a file which i cant access.

Why not? You're root. Unless /tmp/users/ is on NFS you should be able to do anything to that file.

>I tried using stty -echo, script & stty echo but the command is still getting displayed on the screen

Of course, I mentioned why.
jijujose
Occasional Advisor

Re: Script Command

Thanks Dennis, if I put the tail command in the .sh_history file, the output file will have the logs for only that session. The next day when the user logs in it won't have the logs. So I think it's better to put it in cron. The cron worked fine. If there are multiple users (say around 50), how do I do it? Maybe a script would help.
Dennis Handly
Acclaimed Contributor
Solution

Re: Script Command

>if i put the tail command in the .sh_history file, the output file will have the logs for only that sessions.

I don't see why it wouldn't have all of the logs but the user could kill that tail.

>The next day when the user logs in it wont have the logs.

You would have a different file for each day. But you could append to a user specific file.

>If there are multiple users (say around 50), how do i do it. Maybe a script would help.

You would have to have a file of suspect users and just do:
for user in $(< suspect_users); do
    tail -f /home/$user/.sh_history >> /tmp/users/$user &
done

This assumes the user doesn't change his history filename, HISTFILE.
AwadheshPandey
Honored Contributor

Re: Script Command

jijujose,

if you have proper planning for users' home directories,
schedule this script in crontab as per your requirements.

for user in `cat /etc/passwd|grep home|cut -d: -f1`
do
cat /home/$user/.sh_history >> /var/dir/$user.`date +%d%m`
done

Cheers.
It's kind of fun to do the impossible
jijujose
Occasional Advisor

Re: Script Command

Thanks Gentlemen, your inputs have been very useful. I am able to get the log files...is there any way the log file can also have the date & time of the commands the user had entered after he logged in.
Oviwan
Honored Contributor

Re: Script Command

Hey

Check the last and lastb commands. This will show you the login and logout time of a user but not the execution time of a command.

Regards
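
Added example, not part of any post in this thread: a collector run by root from cron that combines the per-user loop from the accepted solution with the later request for dates and times. It appends only the history lines added since the previous run, stamps them with the collection time, and writes to a directory the audited users cannot modify. AUDIT_DIR, the .offset state files and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: poll-based history collector, intended for root's crontab.
AUDIT_DIR=${AUDIT_DIR:-/var/adm/histaudit}   # hypothetical, root-owned path

# collect_history USER HISTFILE
# Appends lines added to HISTFILE since the last run to $AUDIT_DIR/USER.log.
# The timestamp is the collection time; the history file itself does not
# record when a command was executed.
collect_history() {
    user=$1 hist=$2
    log=$AUDIT_DIR/$user.log
    state=$AUDIT_DIR/$user.offset
    umask 077                        # directory 0700, logs 0600
    [ -d "$AUDIT_DIR" ] || mkdir -p "$AUDIT_DIR" || return 1
    [ -f "$hist" ] || return 0       # no history file yet
    seen=0
    [ -f "$state" ] && seen=$(cat "$state")
    total=$(wc -l < "$hist" | tr -d ' ')
    stamp=$(date '+%Y-%m-%d %H:%M:%S')
    if [ "$total" -lt "$seen" ]; then
        # The file got shorter: its owner truncated or replaced it.
        echo "$stamp $user ALERT history shrank from $seen to $total lines" >> "$log"
        seen=0
    fi
    if [ "$total" -gt "$seen" ]; then
        # Strip NUL bytes, which some ksh history files contain.
        tail -n +"$((seen + 1))" "$hist" | tr -d '\000' |
            awk -v p="$stamp $user" '{ print p, $0 }' >> "$log"
    fi
    echo "$total" > "$state"
}

# collect_all LISTFILE: one user name per line, as in the suspect_users file.
# Assumes home directories under /home and the default .sh_history name.
collect_all() {
    while read -r user; do
        if [ -n "$user" ]; then
            collect_history "$user" "/home/$user/.sh_history"
        fi
    done < "$1"
}

# Stand-alone use from cron: histaudit.sh /path/to/suspect_users
if [ "$#" -gt 0 ]; then
    collect_all "$1"
fi
```

The user still owns the source history file and can edit it or change HISTFILE between runs, so a short cron interval narrows that window but does not close it.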