Vulnerability Development mailing list archives

Re: History Files

From: perly () XNET COM (Perly)
Date: Wed, 19 Apr 2000 16:38:50 -0500


The updated version (which fixes the repeaded argument bug) is available
at
www.xnet.com/~perly/exec.c

-------------------------------------------------------------------------------
        -= Perly < perly () xnet com > =-  C maniac & BOFH

                int main() { return main(); }

On Tue, 18 Apr 2000, George Dodd wrote:

There is a kernel module for Linux written by perly () xnet com that logs
all commands executed on the system through syslog. Works very well for
those of us that dont mind huge logfiles. Im not sure of the website
where I found it though...

George Dodd
gdd () siliconinc net

chris () STRICTLY NOSUCKAZ NET wrote:


Okay, all this talk about bofh, and nobody has mentioned the easiest method of doing this, which is not new to 
linux and provides excellent accounting on what your users are doing, I'm not sure if this saves argv[1-x] but I 
think it does somehow, the base accounting log is enough.  Turn on 'BSD Process Accounting' in your kernel and get 
the bsd process accounting package for your linux distribution.  Now with the simple command: lastcomm, you see 
everything.

The only other 'secure' way I can think of doing this, that would achieve the best results without using cludgy 
scripts or a massive overhead on some 'tail' process hanging off every shell's stdin fd, is have your shells 
patched to dump all input to a file or something.  Process Accounting rocks though, I don't understand why your not 
using it already or why this wouldn't finish this thread. =)

Chris.

On Sat, 15 Apr 2000, audit wrote:

`->Greeting's,
`->
`->I admin a few Linux servers and have a question about user's .bash_history
`->files. The users on the systems keep their history files but I would like
`->to have what they type logged to /root/history/$user_history
`->I know that this is not polite on my end or the other co-admin's but we
`->need to know what our users are doing at all times. These are slackware
`->boxes and some RedHat boxes.
`->
`->Thanks
`->

Current thread:

Alternative to historyfile logging., (continued)
- - - Alternative to historyfile logging. Joel Eriksson (Apr 17)
    - Re: History Files Joel Eriksson (Apr 17)
    - Re: History Files spiff (Apr 18)
    - Re: History Files Corwin J. Grey (Apr 16)
    - Re: History Files Michael Jennings (Apr 16)
    - Cooments on the dvwssr.dll vulnerability threads Iván Arce (Apr 17)
    - Re: History Files Senior Systems Administrator - Kris W. (Apr 16)
- Re: History Files chris () STRICTLY NOSUCKAZ NET (Apr 15)
  - quick dirty and most of all-easy process accounting via lkm Security Team (Apr 16)
  - Re: History Files George Dodd (Apr 18)
    - Re: History Files Perly (Apr 19)
    - Re: History Files joyce (Apr 19)
    - non-exec stack Lamagra Argamal (Apr 19)
    - Weakness of static addr & MySQL database Tompkins, William A (Apr 20)
    - Re: Weakness of static addr & MySQL database Jim Kinney (Apr 20)
- Re: History Files Dan Garcia (Apr 15)
  - Re: History Files Jeff Bachtel (Apr 15)
    - Re: History Files Ron DuFresne (Apr 15)
  - Re: History Files Erik Fichtner (Apr 15)
- Re: History Files Gerardo (Apr 15)
- Re: History Files Aaron (Apr 15)

(Thread continues...)