Operating System - HP-UX

Re: log all commands type by users

 
kholikt
Super Advisor

log all commands type by users

We have some developers who know about the root password, though they claim that they need the root password. This is getting the system out of my control now. Although the .bash_history will be able to provide information about the previous commands that were executed, it isn't really helpful for me to keep track of all the previous and other users' actions.

Is there any tool that can record all the activities and commands executed by all the users and log them into one file? I will be able to see all the related activities, including telnet, ftp and the commands that were executed.
abc
Philip Chan_1
Respected Contributor

Re: log all commands type by users

You should not let the developers know about root passwords. If they needed to run commands that only root could do, then you should set up "sudo" for this,

http://www.courtesan.com/sudo/

This tool allows a normal unix user to run privileged commands as root without knowing its password, and all these commands will be logged. The tool is so flexible that you can even specify a time limit for the developers to have their requested authority.

Take a look at it, it is a nice tool to know about and use.

Rgds,
Philip
FRED Dennison
Advisor

Re: log all commands type by users

The 'script' command is kind of visible to the Users, but it can track commands across 'rlogins' and such other access methods.

Have you examined the possibility of using restricted SAM shells to allow access to specific commands while hiding the 'root' userid from the User? IT/Operations also allows 'root' scripts to be hidden behind icons, and 'sticky bits' can be set on scripts to run them as the owner.

FRED
Peace thru superior firepower.
Steven Sim Kok Leong
Honored Contributor

Re: log all commands type by users

Hi,

Make use of /etc/profile for detailed logging purposes.

One way is to incorporate an Expect script at the end of your /etc/profile to spawn a shell and log all user commands:
==
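#!/usr/local/bin/expect

# Do not echo the spawn/expect dialogue to stdout
log_user 0
# Record a transcript of the session in the user's home directory
log_file ~/logfile
# Start a Korn shell under Expect's control
spawn "/usr/bin/ksh"
# Connect the user's terminal to the spawned shell
interact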
==

Another way is to append to your /etc/profile the script command to log the commands to a logfile, e.g. /logs/$LOGNAME.`date +%Y%m%d`, and trap the logout signal so that your typescript is exited properly.

You can also enable trusted systems and auditing but it has limited command logging functionality and the audit logs are a bit hard to decipher at times.

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
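
The /etc/profile approach described in the reply above, as an added example that is not part of the original thread: it wraps interactive logins in `script`, writes to /logs/$LOGNAME.<date>, and ends the login when the recorded shell exits rather than trapping a signal. The function names and the SESSION_RECORDED guard variable are assumptions, and /logs must already exist and be writable by users.

```shell
# Constructed sketch for the end of /etc/profile (POSIX sh / ksh syntax).
# Assumption: LOG_DIR already exists and users may create files in it.
LOG_DIR=${LOG_DIR:-/logs}

# Print the per-user, per-day typescript path: <LOG_DIR>/<user>.<YYYYMMDD>
session_log_path() {
    _user=${LOGNAME:-$(id -un)}
    case $_user in
        ''|*/*|.*) return 1 ;;   # refuse names that could escape LOG_DIR
    esac
    printf '%s/%s.%s\n' "$LOG_DIR" "$_user" "$(date +%Y%m%d)"
}

# Succeed only for a shell that should be wrapped in script(1).
should_record() {
    [ -z "${SESSION_RECORDED:-}" ] || return 1   # already inside script
    [ -t 0 ] || return 1                          # no terminal (batch jobs, file copies)
    case $- in
        *i*) return 0 ;;                          # interactive shell
    esac
    return 1
}

start_session_log() {
    _log=$(session_log_path) || return 1
    SESSION_RECORDED=1
    export SESSION_RECORDED    # hypothetical guard: stops the inner shell re-wrapping itself
    script -a "$_log"          # returns when the user leaves the recorded shell
    exit                       # end the login too, even if script could not start
}

if should_record; then
    start_session_log
fi
```

The typescript is created and owned by the user being recorded, so that user can edit or delete it; treat it as a convenience record rather than tamper-proof audit evidence.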
Vincenzo Restuccia
Honored Contributor

Re: log all commands type by users

See the man page of the "script" command and insert it in the .profile of all users.
Ex. script -a /tmp/log.log
Rita C Workman
Honored Contributor

Re: log all commands type by users

I don't use it, but I highly recommend Philip's suggestion of setting up sudo for limited/audited root access.
I tend to not give anyone full root access unless they are the person who is my counterpart/backup....and a vendor (no way !!)
This opens too many security ... and who really did it and is responsible issues. Since root is the login..under normal .history command saving, how could you prove which root did it...
If you have to give access....then protect yourself with sudo...

Just my 2 cents,
/rcw