[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] Need an method of recording command line operations for auditing purposes
- Subject: [ale] Need an method of recording command line operations for auditing purposes
- From: cfowler at outpostsentinel.com (Chris Fowler)
- Date: Wed, 16 Jun 2010 16:37:21 -0400
- In-reply-to: <[email protected]>
- References: <[email protected]> <[email protected]>
On Wed, 2010-06-16 at 16:02 -0400, James Taylor wrote:
> the acct package is part of the distribution.
> I need to look at in more depth, but it looks promising.
> >>> "James Taylor" <James.Taylor at eastcobbgroup.com> 6/16/2010 09:50 AM >>>
> Is there a good method for auditing command line operations, similar to bash_history that is not accessible to the user? bash_hisory is functional, but can be edited or deleted by the user.
> Something that is included with a SLES distribution is highly desirable, but if there are some good options, one of them may already be there.
> I've had one suggestion for snoopy, but I don't think it's included with SLES.
You might try to incorporate an exec of script into their bash_profile.
First try it with hidden directories in the home.
# Stuff here
exec script -qf ~/.audit/script.`date +%s`
-q is quiet to not alert them
-f flushes after each write so that you could be on another terminal and
executing tail -f against the file.