From: Stephen Satchell <list@fluent2.pyramid.net>
To: Prashant Desai <pressy_sun@yahoo.com>, linux-admin@vger.kernel.org
Subject: Re: critical server commands logging
Date: Sat, 11 Jan 2003 10:46:29 -0800
Message-ID: <5.2.0.9.0.20030111103544.01d32c10@fluent2.pyramid.net>
In-Reply-To: <20030111174241.37502.qmail@web14807.mail.yahoo.com>
At 09:42 AM 1/11/03 -0800, Prashant Desai wrote:
> I want to log each and every command which
>each user gives during their login session to the
>redhat linux 7.1/6.1/7.0 servers. These servers are very
>critical for us and as there are multiple users, around
>5, who are using these servers, ya all the logging
>should go to the syslog server.
>
> Has anyone done this? How?
>
> Is this possible? How? Any pointers would be
>greatly appreciated.

If the server is so critical, why are these five people doing *anything* on
it? Boxes are so cheap that it may be better for the five users to use a
less critical server. Disable remote shell access to the server (so in
order to log on, someone has to use the console) and lock up the console.
Maintenance functions can be scripted, and then your scripts can use the
logger(1) function to indicate who and what. Scripts would also perform
sanity checks on the changes to be made on the server, so that
misconfiguration becomes less of a problem.

If you absolutely must allow shell access, you can take the source of bash
and patch it to include calls to the syslog function to log command-line
input. Unless you are very, very careful, though, you will catch virtually
all script-based activity built into the system, which makes for a very
large log. On the other hand, if you go too far in the other direction,
people can create and execute scripts and you will never know what was in
those scripts.

Better to compartmentalize.

Satch
--
The human mind treats a new idea the way the body treats a strange
protein: it rejects it. -- P. Medawar
This posting is for entertainment purposes only; it is not a legal opinion.
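
The scripted-maintenance approach described in the message above, as an added example that is not part of the original post: a POSIX shell function that sanity-checks a change and records who and what through logger(1). The function names, the `maint` tag, the `authpriv.notice` priority and the hosts-file task are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (hypothetical names): one scripted maintenance action that
# sanity-checks its input and records who did what through logger(1).
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"   # assumption: the file being maintained

# Audit record to syslog: the real operator (sudo caller if any) plus the action.
maint_log() {
    logger -t maint -p authpriv.notice -- "operator=${SUDO_USER:-$(id -un)} $*"
}

# Replace anything outside a safe set so rejected input cannot forge log lines.
scrub() { printf '%s' "$*" | tr -c 'A-Za-z0-9.: _-' '?'; }

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_hostname() {
    case "$1" in ''|*[!A-Za-z0-9.-]*|-*|.*) return 1 ;; esac
}

# Exit status: 0 applied, 1 write failed, 2 bad input, 3 name already present.
add_host_entry() {
    ip=$1 name=$2
    if ! valid_ipv4 "$ip" || ! valid_hostname "$name"; then
        maint_log "action=add_host result=rejected reason=bad_input args=$(scrub "$ip $name")"
        return 2
    fi
    # Exact match on any name field of a non-comment line.
    if awk -v n="$name" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == n) dup = 1 }
                         END { exit !dup }' "$HOSTS_FILE"; then
        maint_log "action=add_host result=rejected reason=duplicate name=$name"
        return 3
    fi
    # Keep a backup, then append; log the outcome either way.
    if cp -p "$HOSTS_FILE" "$HOSTS_FILE.bak" && printf '%s\t%s\n' "$ip" "$name" >> "$HOSTS_FILE"; then
        maint_log "action=add_host result=applied ip=$ip name=$name file=$HOSTS_FILE"
    else
        maint_log "action=add_host result=failed ip=$ip name=$name file=$HOSTS_FILE"
        return 1
    fi
}
```

Rejected and failed attempts are logged as well as applied ones, so the syslog record shows what was tried and by whom, not only what succeeded.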