#1

I'm looking for a tool to log all commands typed by a specified user. Have you any experience with sudosh? Is there any way to put sudosh in the .profile file? I don't want to install BSM.

#2

On Aug 28, 12:55 pm, apogeusiste...@gmail.com wrote:
> I'm looking for a tool to log all commands typed by a specified user.
> Have you any experience with sudosh?
> Is there any way to put sudosh in the .profile file?
> I don't want to install BSM.

But you really need to. It's essentially impossible to do this otherwise (although you can get close if your user is not malicious).

#3

On Aug 28, 1:55 pm, apogeusiste...@gmail.com wrote:
> I'm looking for a tool to log all commands typed by a specified user.
> Have you any experience with sudosh?
> Is there any way to put sudosh in the .profile file?
> I don't want to install BSM.

If you have Solaris 10, you can look at the execsnoop script from the DTraceToolkit, which does the job you want.

Daniel

#4

On Aug 28, 2:55 pm, apogeusiste...@gmail.com wrote:
> I'm looking for a tool to log all commands typed by a specified user.
> Have you any experience with sudosh?
> Is there any way to put sudosh in the .profile file?
> I don't want to install BSM.

I don't know what BSM is, but I know a gr8 way to audit things -> auditing, built into Solaris. For a howto and explanations go to www.c0t0d0s0.org, download the whole book, which is awesome, and read about auditing in the security section. Chances are you will find other cool stuff there. Good luck.

#5

On Aug 28, 5:55 am, apogeusiste...@gmail.com wrote:
> I'm looking for a tool to log all commands typed by a specified user.
> Have you any experience with sudosh?
> Is there any way to put sudosh in the .profile file?
> I don't want to install BSM.

You don't want to "install" BSM or you don't want to enable and use BSM?

BSM is the Basic Security Module, it was once known as Sun Shield Basic Security Module and is installed with every Enterprise Solaris install. If you're using Solaris 10, it is now called Solaris Auditing.

For what you want it is fairly trivial to configure.

1) edit the /etc/security/audit_startup file by adding:

   /usr/sbin/auditconfig -setpolicy +argv

   (this will add all arguments to the audit of any executed program)

2) edit the /etc/security/audit_user file, add a new string or replace the existing one:

   (where user is the user name, this will log all execute commands)

3) run /etc/security/bsmconv

Optionally you could edit audit_control to change the location of the audit trail, otherwise it will use /var/audit. It should be a separate partition but doesn't have to be. Use praudit to examine the audit trail. I suggest reading the auditreduce, praudit and audit.log man pages.

If what you mean is you don't want to use BSM, then ignore this.

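An added example, not part of the original post: once auditing with `+argv` is running, the `praudit -l` text can be filtered down to one user's executed commands. The sample records, host and user names below are constructed, and the field layout (timestamp in field 7, audit ID first in the `subject` token) is assumed to be Solaris 10's.

```shell
#!/bin/sh
# Added example. On Solaris the input would come from something like:
#   auditreduce -u jdoe -c ex | praudit -l | user_execs jdoe

# Constructed records in `praudit -l` layout (one record per line); not real data.
sample_trail() {
cat <<'EOF'
header,136,2,execve(2),,host1,2008-08-28 12:55:01.123 -03:00,path,/usr/bin/ls,attribute,100555,root,bin,85,1234,0,exec_args,2,ls,-la,subject,jdoe,jdoe,staff,jdoe,staff,2301,1875,0 0 10.0.0.5,return,success,0
header,140,2,execve(2),,host1,2008-08-28 12:56:10.004 -03:00,path,/usr/bin/rm,attribute,100555,root,bin,85,1301,0,exec_args,2,rm,/var/tmp/x,subject,jdoe,root,root,root,root,2310,1875,0 0 10.0.0.5,return,success,0
header,130,2,execve(2),,host1,2008-08-28 12:57:00.500 -03:00,path,/usr/bin/id,attribute,100555,root,bin,85,1400,0,exec_args,1,id,subject,alice,alice,staff,alice,staff,2400,1900,0 0 10.0.0.9,return,success,0
header,150,2,execve(2),,host1,2008-08-28 12:58:30.000 -03:00,path,/usr/bin/echo,attribute,100555,root,bin,85,1500,0,exec_args,2,echo,a,subject,alice,b,subject,jdoe,jdoe,staff,jdoe,staff,2320,1875,0 0 10.0.0.5,return,success,0
EOF
}

# user_execs USER: read praudit -l text on stdin, print USER's exec records.
user_execs() {
    awk -F, -v user="$1" '
    {
        p = 0; a = 0; s = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "path" && !p) p = i        # first path token: the program
            if ($i == "exec_args" && !a) a = i   # present because of +argv
            if ($i == "subject") s = i           # keep the last one: fields after
        }                                        # it are written by the kernel
        # First subject field is the audit ID, which stays the same after su.
        if (!a || s <= a || $(s + 1) != user) next
        n = $(a + 1) + 0                         # argument count from the token
        # An argument that itself contains commas splits into extra fields;
        # detect the count mismatch and keep the raw text instead of guessing.
        clean = (s - a - 2 == n)
        sep = clean ? " " : ","
        args = ""
        for (i = a + 2; i < s; i++) args = args (i > a + 2 ? sep : "") $i
        printf "%s auid=%s euid=%s %s: %s%s\n", $7, $(s + 1), $(s + 2),
               (p ? $(p + 1) : "?"), args, (clean ? "" : " [argv contains commas]")
    }'
}

sample_trail | user_execs jdoe
```

Matching on the audit ID rather than the effective user keeps the second sample record (run after switching to root) attributed to jdoe. For anything beyond quick triage, `praudit -x` (XML output) avoids the delimiter ambiguity.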
#6

On 28 ago, 22:29, "tim.w...@Inklingresearch.com" wrote:
> On Aug 28, 5:55 am, apogeusiste...@gmail.com wrote:
>
> > I'm looking for a tool to log all commands typed by a specified user.
> > Have you any experience with sudosh?
> > Is there any way to put sudosh in the .profile file?
> > I don't want to install BSM.
>
> You don't want to "install" BSM or you don't want to enable and use
> BSM?
>
> BSM is the Basic Security Module, it was once known as Sun Shield
> Basic Security Module and is installed with every Enterprise Solaris
> install. If you're using Solaris 10, it is now called Solaris Auditing.
>
> For what you want it is fairly trivial to configure.
>
> 1) edit the /etc/security/audit_startup file by adding:
>
>    /usr/sbin/auditconfig -setpolicy +argv
>
> (this will add all arguments to the audit of any executed program)
>
> 2) edit the /etc/security/audit_user file, add a new string or replace
> the existing one:
>
>
>
> (where user is the user name, this will log all execute commands)
>
> 3) run /etc/security/bsmconv
>
> Optionally you could edit audit_control to change the location of the
> audit trail, otherwise it will use /var/audit.
> It should be a separate partition but doesn't have to be. Use praudit
> to examine the audit trail. I suggest reading the auditreduce, praudit
> and audit.log man pages.
>
> If what you mean is you don't want to use BSM, then ignore this.

I'm looking for a tool that sits between the keyboard and the system, and sudosh does this task, but how do I enable it every time a user logs in to the system?

#7

tim.wort-at-Inklingresearch.com wrote:
> For what you want (BSM) is fairly trivial to configure.

Thanks for those details, very useful info.

#8

In article <3f71b3a3-e0ee-4a9d-b7a5-16605face402@c65g2000hsa.googlegroups.com>, apogeusistemas-at-gmail.com wrote:
> On 28 ago, 22:29, "tim.w...@Inklingresearch.com" wrote:
> > On Aug 28, 5:55 am, apogeusiste...@gmail.com wrote:
> >
> > > I'm looking for a tool to log all commands typed by a specified user.
> > > Have you any experience with sudosh?
> > > Is there any way to put sudosh in the .profile file?
> > > I don't want to install BSM.
> >
> > You don't want to "install" BSM or you don't want to enable and use
> > BSM?
> >
> > BSM is the Basic Security Module, it was once known as Sun Shield
> > Basic Security Module and is installed with every Enterprise Solaris
> > install. If you're using Solaris 10, it is now called Solaris Auditing.
> >
> > For what you want it is fairly trivial to configure.
> >
> > 1) edit the /etc/security/audit_startup file by adding:
> >
> >    /usr/sbin/auditconfig -setpolicy +argv
> >
> > (this will add all arguments to the audit of any executed program)
> >
> > 2) edit the /etc/security/audit_user file, add a new string or replace
> > the existing one:
> >
> >
> >
> > (where user is the user name, this will log all execute commands)
> >
> > 3) run /etc/security/bsmconv
> >
> > Optionally you could edit audit_control to change the location of the
> > audit trail, otherwise it will use /var/audit.
> > It should be a separate partition but doesn't have to be. Use praudit
> > to examine the audit trail. I suggest reading the auditreduce, praudit
> > and audit.log man pages.
> >
> > If what you mean is you don't want to use BSM, then ignore this.
>
> I'm looking for a tool that sits between the keyboard and the system, and
> sudosh does this task, but how do I enable it every time a user logs
> in to the system?

Download source: http://sourceforge.net/projects/sudosh/

Configure, compile, test, then install (someplace other than /usr/bin, like /opt/bin or /csw/bin or /whatever/bin).

Configure sudosh, then set up accounts to use that as their default shell.

What's the problem with reading the README file in the distribution?

--
DeeDee, don't press that button! DeeDee! NO! Dee...
[I filter all Goggle Groups posts, so any reply may be automatically by ignored]
