PaulDotCom mailing list archives
Re: A logging root shell
From: Geordy Rostad <geordy () hotmail com>
Date: Tue, 22 Nov 2011 09:44:50 -0800
Hi Nils, Up at Linux Fest Northwest I saw a presentation by a guy who attacked this problem with a couple of scripts. I believe the most simple one was something to this effect but I only jotted it down and didn't actually test it: function log { typeset x x=$(history 1 | cut -f 5-) logger -p daemon.notice -t "LOGINAME" $PWD "${x# }" } trap log DEBUG The presenter's name was Gary Smith. I don't remember him being a security guy as much as a ninja sys admin. -geordy
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Re: A logging root shell, (continued)
- Re: A logging root shell Owen Connolly (Nov 21)
- Re: A logging root shell Champ Clark III [Quadrant] (Nov 21)
- Re: A logging root shell Matt Erasmus (Nov 21)
- Re: A logging root shell Kevin Shaw (Nov 22)
- A logging root shell Nils (Nov 22)
- Re: A logging root shell Champ Clark III [Quadrant] (Nov 22)
- Re: A logging root shell Jim Halfpenny (Nov 22)
- Re: A logging root shell Jon Schipp (Dec 05)
- Re: A logging root shell Edward Frye (Dec 05)
- Re: A logging root shell Kevin Shortt (Dec 13)
- Re: A logging root shell Champ Clark III [Quadrant] (Nov 22)
- Re: A logging root shell Owen Connolly (Nov 21)
- Re: A logging root shell Nils (Nov 22)