Writing command executed into logfile
Currently we are using Unix machine & the activity are logged in the file using following code used in profile
.profile code
# /ln/aud_root/dds_ibm/.profile
trap 'print "not allowed"' INT
trap 'print "not allowed"' QUIT
trap 'print "not allowed"' TSTP
PATH="";export PATH
CAIGLBL0000=/unicenter
function error { # log rejections to /var/adm/messages
cause=$1
set $(who -m) # sets id ..... source-addr
echo "SALVO login rejected for $netid by $1 from $6 $cause " # test system only
logger -p daemon.notice "SALVO login rejected for $netid by $1 from $6 $cause"
exit
}
echo "|----------------------------------------------------------------------|"
echo "| 1 rudmrb05 (swidds gerdds gbrdds iredds svkdds swedds) |"
echo "| |"
echo "| 2 rudmrb06 (beldds nordds dendds findds poldds pordds gredds turdds)|"
echo "| (czedds hundds) |"
echo "| |"
echo "| 3 rudmrb07 (autdds espdds fradds holdds itadds) |"
echo "| |"
echo "| 4 rudmra06 (DDS, Osiris Batch Pre-production) |"
echo "| |"
echo "| 5 rudmra07 (SAS, SPS, DEM, Pre-production) |"
echo "| |"
echo "| 9 to change login password |"
echo "| |"
echo "|----------------------------------------------------------------------|"
echo "Choice :-"
umask 0037
read choice
case $choice in
1) server=rudmrb05_app;;
2) server=rudmrb06_app1;;
3) server=rudmrb07_app1;;
4) server=rudmra06;;
5) server=rudmra07;;
9) CAIGLBL0000=/unicenter;
PATH=/usr/bin;
#. /unicenter/scripts/envusr;
$(/usr/bin/passwd);
echo "Password Changed - Please login again"; sleep 2;
exit;;
*) exit;;
esac
echo "enter target user"
read choice2
#LOG=$(/usr/ucb/whoami)_${server}_${choice2}_$(/usr/bin/date +%y%m%d%H%M).log
LOG=$(/usr/bin/date +%y%m%d%H%M)_$(/usr/ucb/whoami)_${server}_${choice2}.log
echo "enter reason for access (ASLog number, ECM Change Number)"
read reason
echo "---------------------------------------------------------------------" >> ${LOG}
echo ${LOG} >> ${LOG}
echo "" >> ${LOG}
echo "Justification - "${reason} >> ${LOG}
echo "---------------------------------------------------------------------" >> ${LOG}
echo "Logging onto server now"
#
/usr/local/bin/ssh -l $choice2 $server | /usr/bin/tee -ai $LOG
exit
We are now migrating Linux and we are going use SUDO to connect application. When we use SUDO to connect application & activities are not logged properly & system also becoming very slow. Here is new code
# SOX implementation: Following code gives user menu to select the DDS instances,
#user’s activity is getting logged
# Written By: Sunil Dagde Date: 04-06-2011
trap 'print "not allowed"' INT
trap 'print "not allowed"' QUIT
trap 'print "not allowed"' TSTP
echo "|----------------------------------------------------------------------|"
echo "| 1 defravmwvmias11 - GERMANY PRE PROD |"
echo "| |"
echo "| 2 defravmwvmias11 - HUNGARY PRE PROD |"
echo "| |"
echo "| 3 to change login password |"
echo "| |"
echo "| 4 Exit From Menu |"
echo "| |"
echo "|----------------------------------------------------------------------|"
echo "Choice :-"
umask 0037
read choice
case $choice in
1) server=defravmwvmias11;;
2) server=defravmwvmias11;;
3) $(/usr/bin/passwd);
echo "Password Changed - Please login again"; sleep 2;
exit;;
4) exit;;
*) exit;;
esac
echo "enter target user"
read choice2
LOG=log/$(date +%y%m%d%H%M)_$(whoami)_${server}_${choice2}.log
echo "enter reason for access (ASLog number, ECM Change Number)"
read reason
echo "---------------------------------------------------------------------" >> ${LOG}
echo ${LOG} >> ${LOG}
echo "" >> ${LOG}
echo "Justification - "${reason} >> ${LOG}
echo "---------------------------------------------------------------------" >> ${LOG}
echo "Logging onto server now"
/usr/bin/sudo su - $choice2 | /usr/bin/tee -ai $LOG
Please suggest
Current
/usr/local/bin/ssh -l $choice2 $server | /usr/bin/tee -ai $LOG
New
/usr/bin/sudo su - $choice2 | /usr/bin/tee -ai $LOG
|