From: Jesper Dahl Nyerup <nyerup@one.com>
To: "Ángel González" <ingenit@zoho.com>
Cc: util-linux@vger.kernel.org, Vedpal Rajera <vedpalr@one.com>,
Martin Topholm <mph@one.com>
Subject: Re: Using script(1) to log all user sessions
Date: Tue, 29 Apr 2014 12:00:28 +0200
Message-ID: <20140429100028.GA31241@one.com>
In-Reply-To: <535D6026.1000709@zoho.com>
On Apr 27 21:53, Ángel González wrote:
> On 25/04/14 10:21, Jesper Dahl Nyerup wrote:
> >[...] support config files, to supply configurable
> >default values for some of the concepts normally passed in the
> >environment or as command line arguments.
>
> You can start it from a script acting as the user shell, through
> sshd config or one of the shell init scripts. As you already need to
> start script somehow, those defaults could be passed there, too
> (although I don't see a problem with supporting config files
> either).
Yes, this is how we have it working in our current test deployments, but
for simplicity we'd like to leave out these steps, and ideally have
users' shell be /usr/bin/script.
> >1. Adding a daemon next to script(1) and scriptreplay(1), eg.
> >scriptcollect(1), to be in the receiving end of the traffic, [...]
>
> I'm unsure about this bit. It may be needed. Perhaps a transfer
> after the session finishes also works.
We also considered that, but we keep running into theoretical corner
cases where this could end up being a problem - logging in on systems
with filled-up mountpoints, securing the transcript even if the system
crashes, and so on.
> >2. Optionally linking against some crypto library to avoid putting
> >users' console data on the wire in clear text.
>
> Following unix philosophy, I would try to avoid reinventing crypto
> into the program, attempting instead to solve the issue by eg. using
> sftp to transfer the files and/or gpg to encrypt the data.
I fully agree with this concern. This is just a necessary follow-up, if
we want to natively enable network support in script(1).
However, as both you and others have suggested that we reconsider this, and
as we also were pretty doubtful about this ourselves, we will probably
find an alternative transport method, one way or the other.
> PS: I expect you are properly warning your users about the
> fascist-level logging done on your systems.
I appreciate your concern for our users.
These users are myself as well as my colleagues, and we all have a
shared interest in maintaining audit trails and tracebacks of who did
what, when and where.
I can assure you that everyone is aware of these measures.
Yours,
--
Jesper Dahl Nyerup
Systems Engineer
One.com, nyerup@one.com
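The mechanism Ángel describes above (start script(1) from a wrapper that is installed as the user's login shell) and the filled-up-mountpoint corner case Jesper raises, shown as an added example; this is not code from the thread or from util-linux. It assumes the wrapper is installed as /usr/local/sbin/session-shell and set as the users' shell, that util-linux script(1) with -q and -f is present, and that the spool directory, file naming scheme and 64 MiB free-space floor are local policy; all of those are made up for the example. Two points a practitioner would want that the thread does not spell out: script(1) starts $SHELL, so a wrapper that is itself the login shell must reset SHELL before the exec or it re-enters itself forever; and sshd runs `shell -c cmd` for scp/sftp/remote commands, where pushing the stream through script's pty would corrupt binary transfers, so those are passed straight to the real shell and only the command line is recorded.

```shell
#!/bin/sh
# session-shell: login-shell wrapper that starts util-linux script(1) for
# every interactive session.  Added example, not code from the thread or
# from util-linux.  Install path, spool directory, naming scheme and the
# free-space floor below are assumptions made for the example.
SPOOL="${SESSION_SPOOL:-/var/log/sessions}"
REAL_SHELL="${REAL_SHELL:-/bin/bash}"
MIN_FREE_KB=65536

# Per-session transcript path: user, UTC timestamp, pid and, when sshd set
# SSH_CONNECTION, the client address.  Pure string work, so it can be checked
# without a pty.
transcript_name() {
    # $1 user  $2 timestamp (YYYYmmddTHHMMSSZ)  $3 pid  $4 SSH_CONNECTION or ""
    client="${4%% *}"          # first field of SSH_CONNECTION is the client IP
    [ -n "$client" ] || client="local"
    printf '%s/%s.%s.%s.%s.log\n' "$SPOOL" "$1" "$2" "$3" "$client"
}

# The filled-up mountpoint case: refuse to start a session whose transcript
# could not be written, rather than "logging" silently to nothing.
# $1 is free space in KiB; returns 0 when there is enough.
spool_has_room() {
    [ "$1" -ge "$MIN_FREE_KB" ]
}

# Available KiB on the spool's filesystem, from POSIX df output.
spool_free_kb() {
    df -Pk "$SPOOL" | awk 'NR == 2 { print $4 }'
}

main() {
    case "$1" in
        -c)
            # ssh host cmd, scp, sftp: sshd invokes the shell as `shell -c cmd`.
            # A pty would mangle binary streams, so only record the command
            # line (syslog, auth facility) and pass it through unchanged.
            logger -t session-shell -p auth.info "$USER: $2" 2>/dev/null || true
            exec "$REAL_SHELL" -c "$2"
            ;;
    esac

    spool_has_room "$(spool_free_kb)" || {
        echo "session-shell: no room for transcripts in $SPOOL, refusing login" >&2
        exit 1
    }

    log=$(transcript_name "${USER:-$(id -un)}" "$(date -u +%Y%m%dT%H%M%SZ)" \
                          "$$" "${SSH_CONNECTION:-}")

    # script(1) starts $SHELL.  When this wrapper is the user's shell, SHELL
    # points back at us, so reset it to the real shell or script re-enters
    # the wrapper forever.
    SHELL="$REAL_SHELL"; export SHELL
    umask 077                    # transcript readable by the owner only
    exec script -q -f "$log"     # -q: no banner, -f: flush after every write
}

# A login shell gets argv[0] = "-session-shell"; sshd uses the bare basename
# for commands.  Only then run main, so the functions above can be sourced
# and tested without spawning script(1).
case "$0" in
    -*|session-shell|*/session-shell) main "$@" ;;
esac
```

This keeps the transcript on the host, which is exactly the gap the thread is about: a crashed box or a local root can still lose or alter it, so the files still have to be shipped off by something like the sftp/gpg pipeline Ángel suggests, or streamed as Jesper proposes. Note also that umask 077 protects the transcript from other users but not from the logged user, who owns it; a spool directory with the sticky bit and no read permission for the user, or a collector that moves files out promptly, closes that.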
Thread overview:
2014-04-25 8:21 Using script(1) to log all user sessions Jesper Dahl Nyerup
2014-04-25 14:27 ` Dale R. Worley
2014-04-25 17:39 ` Jesper Dahl Nyerup
2014-04-26 21:27 ` Jesper Dahl Nyerup
2014-04-27 19:53 ` Ángel González
2014-04-29 10:00 ` Jesper Dahl Nyerup [this message]
2014-04-29 10:42 ` Karel Zak
2014-04-29 11:10 ` Jesper Dahl Nyerup
2014-04-28 7:13 ` Karel Zak
2014-04-29 11:05 ` Jesper Dahl Nyerup