LinuxQuestions.org
Old 03-19-2004, 01:30 AM   #1
mcp_achindra
LQ Newbie
 
Registered: Mar 2004
Location: Makhanlal Chaturvedi University, Bhopal, INDIA
Posts: 11

Rep: Reputation: 0
How to forcibly dump the history of user commands to the admin dump file.


I have a system with various levels of security.

              Manager
                 |
     ~~~~~~~~~~~~~~~~~~~~~~
     |           |          |
   Dept 1      Dept 2     Dept 3

I want to trace the history of all user commands and dump them into a log file being maintained under manager. The user log is maintained under the history file in their home directories, but the history of commands is dumped to the history file after the user logs off.

I want to take the backup every hour, automate it for all users, and flush the history buffer.

How?

The next thing that is bugging me is the logout command: there is no logout command in the system, no aliases, and I am unable to trace any links. I believe the logout command sends a ctrl+d signal to the init process. I am unable to trace the file where the backspace key, the tab key and all other macros are configured. If anyone can help me with that.

If anyone can help me with the detailed booting process of a Linux system.
 
Old 03-19-2004, 12:04 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
The user log is maintained under the history file in their home directories, but the history of commands is dumped to the history file after the user logs off.

Like in "ln -sf /dev/null ~/.bash_history"?

Quote:
I want to trace the history of all user commands and dump them into a log file being maintained under manager.

There are a few options for logging I can think of:
- honeypot Bash shell with syslogging: http://www.rootshell.be/~unspawn/packaging/bash.html
- LKM to track execve's like Syscalltrack or procmon
- Grsecurity(.net) (or other) reinforced kernel with the audit options on
All options have drawbacks. I'm using Grsecurity.
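
Added example, not part of either post: a shell check an admin can run before trusting per-user history files, flagging any ~/.bash_history that has been replaced by a symlink (the "ln -sf /dev/null" case quoted in post #2) or is missing. The function names, status strings, the /home default and the sample tree are assumptions made up for this illustration.

```shell
#!/bin/sh
# Added example: audit per-user shell history files before relying on them.

# Classify one history file.
# Prints: ok | missing | not-regular | symlink:<target>
history_status() {
    f=$1
    if [ -L "$f" ]; then
        # A symlinked history file (e.g. to /dev/null) never stores commands.
        printf 'symlink:%s\n' "$(readlink "$f")"
    elif [ ! -e "$f" ]; then
        echo missing
    elif [ ! -f "$f" ]; then
        echo not-regular
    else
        echo ok
    fi
}

# Audit every home directory under a base directory (assumed default: /home).
# Prints one "<user> <status>" line per directory.
audit_histories() {
    base=${1:-/home}
    for home in "$base"/*/; do
        [ -d "$home" ] || continue
        user=$(basename "$home")
        printf '%s %s\n' "$user" "$(history_status "${home}.bash_history")"
    done
}

# Constructed sample tree (not real users) so the script runs offline.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/alice" "$d/bob" "$d/carol"
    printf 'ls\n' > "$d/alice/.bash_history"      # normal history file
    ln -sf /dev/null "$d/bob/.bash_history"       # history discarded
    echo "$d"                                     # carol has no history file
}

sample=$(make_sample)
audit_histories "$sample"
rm -rf "$sample"
```

Run against the real home tree as root with `audit_histories /home`; any status other than `ok` means that user's history file cannot serve as a command log.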
 
All times are GMT -5.