LinuxQuestions.org


mcp_achindra 03-19-2004 01:30 AM

How to forcibly dump the history of user commands to the admin dump file.
 
I have a system with various levels of security.

             Manager
                |
    ~~~~~~~~~~~~~~~~~~~~~~
    |           |           |
  Dept 1      Dept 2      Dept 3

I want to trace the history of all user commands and dump them into a log file being maintained under manager. The user log is maintained under the history file in their home directories, but the history of commands is dumped to the history file after the user logs off.

I want to take the backup every hour, automate it for all users, and flush the history buffer.

How?

The next thing that is bugging me is the logout command: there is no logout command in the system, no aliases, and I am unable to trace any links. I believe the logout command sends a ctrl+d signal to the init process. I am unable to trace the file where the backspace key, the tab key and all other macros are configured. If anyone can help me with that.

If anyone can help me with the detailed booting process of a Linux system.

unSpawn 03-19-2004 12:04 PM

> The user log is maintained under the history file in their home directories, but the history of commands is dumped to the history file after the user logs off.
Like in "ln -sf /dev/null ~/.bash_history"?


> I want to trace the history of all user commands and dump them into a log file being maintained under manager.

There are a few options for logging I can think of:
- honeypot Bash shell with syslogging: http://www.rootshell.be/~unspawn/packaging/bash.html
- LKM to track execve's like Syscalltrack or procmon
- Grsecurity(.net) (or other) reinforced kernel with the audit options on
All options have drawbacks. I'm using Grsecurity.
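
An added example, not part of either post: a sketch of the hourly collection asked for in the question that also flags the symlink-to-/dev/null case raised in the reply. The function name, directory layout and log format are assumptions.

```sh
#!/bin/sh
# Added example: hourly collector for per-user bash history (run as root).
# Assumption: home directories sit under one root and HISTFILE is the default.

# collect_histories HOME_ROOT OUT_DIR
# Appends history lines not yet collected to OUT_DIR/<user>.log, writes
# anomalies to OUT_DIR/alerts.log, and prints the number of alerts raised.
collect_histories() {
    home_root=$1; out_dir=$2; alerts=0
    mkdir -p "$out_dir/.state" || return 1
    for home in "$home_root"/*/; do
        [ -d "$home" ] || continue
        user=$(basename "$home")
        hist="${home}.bash_history"
        state="$out_dir/.state/$user"
        if [ -L "$hist" ]; then
            # The "ln -sf /dev/null ~/.bash_history" case: nothing is ever saved.
            echo "$user: history is a symlink to $(readlink "$hist")" >> "$out_dir/alerts.log"
            alerts=$((alerts + 1)); continue
        fi
        if [ ! -f "$hist" ]; then
            echo "$user: no regular history file" >> "$out_dir/alerts.log"
            alerts=$((alerts + 1)); continue
        fi
        seen=0
        [ -f "$state" ] && seen=$(cat "$state")
        total=$(wc -l < "$hist" | tr -d ' ')
        if [ "$total" -lt "$seen" ]; then
            # Fewer lines than last run: the file was truncated or rewritten.
            echo "$user: history shrank from $seen to $total lines" >> "$out_dir/alerts.log"
            alerts=$((alerts + 1)); seen=0
        fi
        tail -n +"$((seen + 1))" "$hist" | awk -v u="$user" '{ print u ": " $0 }' >> "$out_dir/$user.log"
        echo "$total" > "$state"
    done
    echo "$alerts"
}
```

The collector only sees what bash has already written, which as the question notes happens at logoff, and a user can still edit the file between runs. That is the gap the execve-tracking options listed in the reply are meant to close.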

