Monitoring SSH sessions user activities

M.S · ‎01-08-2009

Hi All,

We have a server, where all users connect to before connecting to other servers beyond it.
Is there a way/tool which monitor each user what is doing on these servers (what commands they are performing) and save these info in a file.

Thanks,

Steven E. Protter · ‎01-08-2009

Shalom,

Set the variables HISTFILE and HISTSIZE in the .profile for the user or /etc/profile and all commands will be recorded.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Matti_Kurkela · ‎01-08-2009

The shell history indicated by SEP is user-modifiable, so it's no good if you need the logs for audit/legal purposes.

We're using the "sudosh" utility to record any activities on system & application admin accounts on some critical systems, but the documentation indicates it's usable as a login shell wrapper too:

http://en.wikipedia.org/wiki/Sudosh

It records everything the user sees and does.
It's available as a source package, so you'll have to compile it.

Remember to allocate plenty of disk space for sudosh logs if you use it. If you run out of disk space for logs, your log record will of course be incomplete.

MK

MK

Mike Stroyan · ‎01-08-2009

You could edit /etc/ssh/sshd_config and tell
sshd to wrap particular logins in a script command. That is very intrusive. There would be no privacy!

# Log all output for users in group 'audited'
Match Group=audited
ForceCommand script -qfa -c 'bash -i' /tmp/snoop_$USER

The user needs access to the file that script is writing. You can prevent them from overwriting that data if you direct script to write into a named pipe that the data is copied out of.

# mknod /tmp/snoop_user1
# chmod 600 /tmp/snoop_user1
# cat < /tmp/snoop_user1 >> /var/log/snoop_user1 &

M.S · ‎01-09-2009

Thx Guys,

Sudosh was a good idea.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Monitoring SSH sessions user activities

Monitoring SSH sessions user activities

Re: Monitoring SSH sessions user activities

Re: Monitoring SSH sessions user activities

Re: Monitoring SSH sessions user activities

Re: Monitoring SSH sessions user activities