
[ale] Need a method of recording command line operations for auditing purposes



On Wed, 2010-06-16 at 16:02 -0400, James Taylor wrote:
> the acct package is part of the distribution.
> I need to look at it in more depth, but it looks promising.
> -jt 
>  
> >>> "James Taylor" <James.Taylor at eastcobbgroup.com> 6/16/2010  09:50 AM >>> 
> Is there a good method for auditing command line operations, similar to bash_history that is not accessible to the user? bash_history is functional, but can be edited or deleted by the user.
> Something that is included with a SLES distribution is highly desirable, but if there are some good options, one of them may already be there.
> I've had one suggestion for snoopy, but I don't think it's included with SLES.
> Thanks,
> -jt
> 

You might try to incorporate an exec of script into their bash_profile. 
First try it with hidden directories in the home.

# bash_profile

# Stuff here

mkdir -p ~/.audit    # -p: no "File exists" error on later logins
exec script -qf ~/.audit/script.`date +%s`

-q is quiet to not alert them
-f flushes after each write so that you could be on another terminal and
executing tail -f against the file.
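
Added example, not part of the original message: a ~/.bash_profile fragment for the script(1) approach above that skips non-interactive login shells, does not re-wrap a shell that is already being recorded, and gives each session its own file. AUDIT_DIR, AUDIT_ACTIVE and the audit_* function names are hypothetical.

```shell
# Added example for ~/.bash_profile. AUDIT_DIR, AUDIT_ACTIVE and the audit_*
# function names are hypothetical, not from the original message.
AUDIT_DIR="${AUDIT_DIR:-$HOME/.audit}"

# Per-session log name: epoch seconds plus the shell PID, so two logins in
# the same second do not append to the same file.
audit_log_path() {
    printf '%s/script.%s.%s\n' "$1" "$(date +%s)" "$$"
}

# Return 0 only when this shell should be wrapped in script(1).
# $1 is the caller's "$-" option string.
audit_should_record() {
    # Already inside a recording (profile sourced again by the child shell).
    [ -z "${AUDIT_ACTIVE:-}" ] || return 1
    # No "i" in $-: a non-interactive login shell (e.g. bash -lc 'cmd');
    # exec'ing script there would replace the command with an interactive shell.
    case "$1" in *i*) ;; *) return 1 ;; esac
    # script(1) not installed: log in normally rather than fail the login.
    command -v script >/dev/null 2>&1 || return 1
    return 0
}

# Create the log directory readable by the owner only; -p keeps it silent
# when the directory already exists.
audit_prepare_dir() {
    mkdir -p "$1" && chmod 700 "$1"
}

if audit_should_record "$-" && [ -t 0 ] && audit_prepare_dir "$AUDIT_DIR"; then
    export AUDIT_ACTIVE=1
    # -q: no start/stop banner, -f: flush after each write (tail -f works).
    exec script -qf "$(audit_log_path "$AUDIT_DIR")"
fi
```

The log is still owned and writable by the user, so on its own this does not meet the "not accessible to the user" requirement from the question.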