Duffs
Regular Advisor

Linux log

Hi,

I am using RedHat AS4 and I need to capture the ssh login details of different users including the commands they use whilst logged in. So far this level of detail does not get logged in either the messages file or the secure log file.

Does anybody know of additional software or possible ssh logging options that might enable me to capture this amount of detail?

Rgds,
D.
Alpha977
Valued Contributor

Re: Linux log

Hello!

Usually you can see the ssh connection log in /var/log/secure.

If I remember, iptables writes into this log file and you can see it there.
Duffs
Regular Advisor

Re: Linux log

Hi,

I know that the secure log provides limited ssh detail but it does not include the commands that are used by individual users while logged in. I am not using iptables and have SELinux disabled so this is of no use to me.

R,
D.
Ivan Ferreira
Honored Contributor

Re: Linux log

You can use process accounting (accton, lastcomm, etc).

Another option is to use the script command. Add the script command to /etc/profile, catching the selected users (if). See man script for details.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Heironimus
Honored Contributor

Re: Linux log

If you need that level of auditing you can't rely on /etc/profile or any other login script because they're too easy to bypass. If you only want to audit shared accounts like oracle, a locked password and proper sudo access would do it. Another option is to use a special auditing shell such as EASH that captures all keystrokes, but that is extremely invasive and may log sensitive information such as passwords.
Silju
Advisor

Re: Linux log

Hi Duffs,

Power Broker is the software you are looking for. It can do more than just logging the activities of the user.
You can get more details on this site.
http://www.symark.com/powerbroker.htm

SUDO also can help you in this case.
http://www.gratisoft.us/sudo/sudo.html


Regards
Silju
Technology to empower all
George Liu_4
Trusted Contributor

Re: Linux log

Change LogLevel in /etc/ssh/sshd_config.

The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. The default is INFO.
Ivan Ferreira
Honored Contributor

Re: Linux log

See also:

Enterprise Audit Shell (eash)
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Duffs
Regular Advisor

Re: Linux log

Thanks for the feedback. I went with sudo.
R,
D
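
The sudo route the thread settles on records each command sudo launches through syslog. The script below is an added example, not part of the original thread: it turns those records into one line per event and flags sudo-launched shells, after which individual commands are no longer logged. The log lines, host, users and address are constructed, and the /var/log/secure location is an assumption based on the usual Red Hat syslog configuration.

```shell
#!/bin/sh
# Added example. Sample log lines are constructed (host, users, address are placeholders).
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 db01 sshd[4211]: Accepted password for duffs from 192.0.2.10 port 40122 ssh2
Mar  3 10:15:20 db01 sudo:    duffs : TTY=pts/0 ; PWD=/home/duffs ; USER=oracle ; COMMAND=/usr/bin/sqlplus / as sysdba
Mar  3 10:17:02 db01 sudo:    duffs : TTY=pts/0 ; PWD=/home/duffs ; USER=root ; COMMAND=/bin/bash
Mar  3 10:20:45 db01 sudo:   alice : command not allowed ; TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/usr/sbin/visudo
Mar  3 10:21:10 db01 sudo:   alice : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/sbin/service httpd restart
EOF
}

# Print one record per sudo event: time|user|run-as|status|command
# status: OK, DENIED (sudo refused the request) or SHELL (an interactive
# shell or su was started, so later commands are not logged one by one).
sudo_audit() {
  awk '
    match($0, / sudo(\[[0-9]+\])?: +/) {
      stamp = $1 " " $2 " " $3
      rest  = substr($0, RSTART + RLENGTH)
      sep   = index(rest, " : ")          # "user : details"
      if (sep == 0) next
      user  = substr(rest, 1, sep - 1)
      body  = substr(rest, sep + 3)
      c     = index(body, "COMMAND=")     # command runs to end of line
      if (c == 0) next
      cmd   = substr(body, c + 8)
      runas = "?"
      if (match(body, /USER=[^ ;]+/)) runas = substr(body, RSTART + 5, RLENGTH - 5)
      # A successful record starts with TTY=; anything else is a refusal message.
      status = (substr(body, 1, 4) == "TTY=") ? "OK" : "DENIED"
      split(cmd, w, " "); n = split(w[1], p, "/")
      if (status == "OK" && p[n] ~ /^(sh|bash|ksh|csh|tcsh|zsh|su)$/) status = "SHELL"
      print stamp "|" user "|" runas "|" status "|" cmd
    }
  ' "$@"
}

sample_log | sudo_audit
```

To run it against a real log, pass the file as an argument, for example `sudo_audit /var/log/secure`.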