Looking for software to track logins and commands with auto-email
I'm looking for a piece of software to run as a daemon and upon login, start watching, and log all commands given during a session, and upon logout either log, or email this to someone.
Example: 07-19-07 15:23 User michael Logged in Session command history: 15:23:09 #ls -l / 15:23:36 #cd /tmp/ 15:24:01 #rm -rf ./* 15:25:09 #df -h 15:25:45 #logout 07-19-07 15:25 User michael Logged out. Is there anything like this? Perhaps starting a screen session on login, and then emailing the bash_history? Anything? Thanks, Michael |
There's a few, depending on what you need to accomplish, like shell wrappers like Rootsh, Sudosh or Anotatla's Bash logging patch. Other alternatives could be kernel patches like GRSecurity or LKM's like SCT or SELinux.
I'd suggest starting with Rootsh since it's maintained, not that invasive, UID-centric and allows for logging to syslog. The one thing it won't do is email a log, and with a busy server you wouldn't want it to either. |
All times are GMT -5. The time now is 05:43 AM. |