On a server requirements are that all commands issued by root or using sudo must be sent to syslog, with real user's name (PCI requirement).
For the standard shell (bash) this is not a problem, simply added this line to /root/.bashrc:
Code:
PROMPT_COMMAND='history -a >(tee -a ~/.bash_history | logger -t "$USER[$$] $SUDO_USER[$$] $SSH_CONNECTION")'
But the server also has tcsh, how do I configure it there?
I've tried to use 'precmd' in /root/.cshrc but it fails to log anything. The closest I got is
Code:
alias precmd tee -a ~/.history | logger -t "$USER[$$] $SUDO_USER[$$]"
This doesn't output any error message when switching shell to tcsh, but still nothing is logged.
Putting single quote around the command almost works - when logging in it's like command waiting to finish, if I press <enter> I get a line in /var/log/messages - so it obviously logs to syslog! (And I've tried all 3 single quotes).
But then, the prompt just hangs, like with a not completed command.
Setting the command between parenteses I get "Badly placed ()'s"
And tcsh cannot be removed (required by subversion and some other apps we simply must have).
Server is running OpenSuse 12.1.
Any ideas?