[clug-talk] logging users sessions

smagnuson at forzani.com smagnuson at forzani.com
Thu Mar 10 12:47:29 PST 2005


Robert,
Thanks for the suggestion.

nope no x sessions to worry about.
not even too worried about users being able to kill it.  Most are not knowledgeable users.  The purpose is to answer questions like:
USER: What happened to file X, who deleted it?  Why do my files disappear?
SYSADMIN: Let me take a look.  Looks like you deleted it right here..see.

script seemed like a perfect solution until we noticed that it was not running user profiles.  The command calling script in /etc/profile was not allowing the user profiles to run.  .bash_profile would not run but .bashrc would.  I guess script intercepted the login process not allowing it to finish.

The other thing we noticed is that you need to logout one more time.  first one exits script second one exits session.  Believe the below way works around this as well.

One idea was to use a shell wrapper.  so in /etc/passwd your shell would be /usr/local/logger.  logger would call script and bash/sh/ksh.  Haven't looked into this further is see how much work this is.



-----Original Message-----
From: clug-talk-bounces at clug.ca [mailto:clug-talk-bounces at clug.ca]On
Behalf Of Robert Campbell
Sent: Wednesday, March 09, 2005 2:48 PM
To: CLUG General
Subject: Re: [clug-talk] logging users sessions


A quick google brought up the "script" command

I would look into this, and if it is what you want place it into the
/etc/profile stuff so that it starts automatically on login.

not very secure as users could kill script... but can be done.

Maybe you could do a "su - root -c script <some parameters> in the login
so that users can't kill it.... or execute a setuid bourne shell script
wrapper even.

On Wed, 2005-03-09 at 14:25, Robert Campbell wrote:
> Do users have X access over the ssh tunnel, if so logging could be
> difficult?
> 
> On Wed, 2005-03-09 at 11:16, smagnuson at forzani.com wrote:
> > I'm looking for a means to log user sessions.  Does anyone have any experience with this?  What software did you use to do it?
> > 
> > user ssh's in
> > any command they type gets echoed to something like /var/log/......
> > I don't want this to be optional
> > I want this to work with multiple shells (sh, bash, ksh, etc)
> > 
> > thanks
> > sig
> > 
> > 
> > Found the following but have yet to look at them on more detail.
> > http://people.consol.de/~lausser/rootsh/rootsh.html
> > http://sudosh.sourceforge.net/
> > http://www.egbok.com/sudoscript/
> > http://foosh.sourceforge.net/
> > http://e133.enemy.cx/xSH-paranoia/
> > 
> > 
> > 
> > _______________________________________________
> > clug-talk mailing list
> > clug-talk at clug.ca
> > http://clug.ca/mailman/listinfo/clug-talk_clug.ca
> > Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
> > **Please remove these lines when replying
> 
> 
> _______________________________________________
> clug-talk mailing list
> clug-talk at clug.ca
> http://clug.ca/mailman/listinfo/clug-talk_clug.ca
> Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
> **Please remove these lines when replying


_______________________________________________
clug-talk mailing list
clug-talk at clug.ca
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
**Please remove these lines when replying



More information about the clug-talk mailing list