Hi, can't get the URL. Is there any alternative one?
Regards,
cheedu

On 16 Aug 2000, brian wrote:
I've written a script that logs all the commands executed by a user, his terminal, the time, the directory... I don't use the bash_history but the history itself. Now the question is: will the history be reliable, will it be more useful than .bash_history, will it be legal? Also, because the script is executed as the user itself, I'm forced to append the command history to a file which has the chattr +a attribute set, so the user can put anything in the file. Any ideas to make it stealthy? BTW, I'm using the PROMPT_COMMAND variable.
There have been some good suggestions, though they'd be really easy to get around (python, perl, running another shell on top of the current one, etc). I'm not sure how much it logs, but there's a kernel module (maybe it can be built-in now?) called exec.c, http://home.xnet.com/~perly/exec.c .
It logs stuff to kern.info like this:

    EXECVE(UID)[PID]: program arg1 arg2 ... argN
I'm guessing you could set up one of the alternate sysloggers to sort out different users, etc.
It works on the kernel level, so it'd be pretty hard to get around.
-Brian (patiently awaiting 400 billion I'm-on-vacation messages :) )
-- ***** cogito cogito ergo cogito sum: i think that i think, therefore i think that i am. --Devils Dictionary --
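
The per-user sorting brian suggests, sketched as an added example that is not part of the original thread or of exec.c: it parses the `EXECVE(UID)[PID]: program arg1 ...` message format quoted above, groups records by UID, and lists execs of the shells and interpreters he names as ways around shell-level logging. The syslog prefix, numeric UID/PID fields, interpreter list and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed line shape: a syslog prefix followed by the module's
# "EXECVE(UID)[PID]: program arg1 ... argN" message, with numeric UID and PID.
EXECVE_RE = re.compile(r"EXECVE\((?P<uid>\d+)\)\[(?P<pid>\d+)\]:\s+(?P<cmd>\S.*)$")

# Programs that can run further commands without touching shell history.
INTERPRETERS = {"python", "perl", "sh", "bash", "csh", "tcsh", "ksh", "zsh"}

# Constructed sample lines (not real output from the module).
SAMPLE_LOG = """\
Aug 16 10:01:02 host kernel: EXECVE(500)[1201]: /bin/ls -la /tmp
Aug 16 10:01:09 host kernel: EXECVE(500)[1202]: /usr/bin/perl -e print 1
Aug 16 10:02:30 host kernel: EXECVE(501)[1210]: /bin/cat /etc/motd
Aug 16 10:02:31 host kernel: eth0: link up
Aug 16 10:03:00 host kernel: EXECVE(500)[1215]: /bin/sh
"""

def parse_line(line):
    """Return (uid, pid, program, args) or None for non-EXECVE lines."""
    m = EXECVE_RE.search(line)
    if not m:
        return None
    # The log joins arguments with spaces, so quoting boundaries are lost.
    parts = m.group("cmd").split()
    return int(m.group("uid")), int(m.group("pid")), parts[0], parts[1:]

def by_user(log_text):
    """Group exec records per UID, preserving log order."""
    users = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            uid, pid, prog, args = rec
            users[uid].append((pid, prog, args))
    return dict(users)

def interpreter_execs(log_text):
    """List (uid, pid, program) for execs of shells and script interpreters."""
    hits = []
    for uid, recs in by_user(log_text).items():
        for pid, prog, _ in recs:
            if prog.rsplit("/", 1)[-1] in INTERPRETERS:
                hits.append((uid, pid, prog))
    return hits

if __name__ == "__main__":
    for uid, recs in sorted(by_user(SAMPLE_LOG).items()):
        print(uid, [prog for _, prog, _ in recs])
    print("interpreters:", interpreter_execs(SAMPLE_LOG))
```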