LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 02-21-2013, 12:57 AM   #1
monojcool
LQ Newbie
 
Registered: Nov 2012
Posts: 9

Rep: Reputation: Disabled
Tracking All session history in one file


Dear All,

I want to keep all the session history in one file,please help me out to configure so.

Here is the test scenario-

Suppose i have three client A,B and C tries to log in to one Server XA there session specific command and Clint IPADDRESS should get logged in one file...like .bash_history or any other file if there.


I tried simple implementation but it didn't work....I don't have much idea about linux please help me out to configure so.

I tried below procedure..

HOSTTIMEFORMAT="%d/%m/%y %t $SSH_CLIENT"

When i set above environment variable it formats the output of "history" command.

$SSH_CLIENT will track client specific IP ADDRESS



Thanks and Regards
Monoj
 
Old 02-21-2013, 04:51 AM   #2
monojcool
LQ Newbie
 
Registered: Nov 2012
Posts: 9

Original Poster
Rep: Reputation: Disabled
Dear All,


Any one knows to display session specific history.


Thanks in advance

Regards
Monoj
 
Old 02-21-2013, 12:23 PM   #3
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 1,990

Rep: Reputation: 512Reputation: 512Reputation: 512Reputation: 512Reputation: 512Reputation: 512
I don't believe it will work properly - each bash session will be buffered in history... so whoever is last to logout is the one that will be recorded.
 
Old 02-22-2013, 12:42 AM   #4
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,225

Rep: Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021Reputation: 2021
Possibly rootsh http://linux.die.net/man/1/rootsh
 
Old 02-22-2013, 03:00 AM   #5
TKH
Member
 
Registered: Jul 2011
Location: Milky Way
Distribution: Ubuntu, LFS, Slackware, Fedora
Posts: 205

Rep: Reputation: 20
Quote:
Originally Posted by monojcool View Post
I want to keep all the session history in one file
i don't think that would be wise...
 
Old 02-22-2013, 06:17 AM   #6
Habitual
Senior Member
 
Registered: Jan 2011
Distribution: Slack14_64_Multilib
Posts: 3,042
Blog Entries: 4

Rep: Reputation: 737Reputation: 737Reputation: 737Reputation: 737Reputation: 737Reputation: 737Reputation: 737
Quote:
Originally Posted by monojcool View Post
Any one knows to display session specific history.
Code:
cat /home/$user/.bash_history
 
Old 02-22-2013, 08:18 AM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,953
Blog Entries: 54

Rep: Reputation: 2733Reputation: 2733Reputation: 2733Reputation: 2733Reputation: 2733Reputation: 2733Reputation: 2733Reputation: 2733Reputation: 2733Reputation: 2733Reputation: 2733
Mainstream Linux distribution installations don't cater for an all-encompassing audit trail out-of-the-box. Like any $LOGNAME-owned files shell history (settings) can be disabled or tampered with and won't show everything (for instance what happens inside a CLI application like a MUA or an $EDITOR). Most that ask such questions never anticipated the question and obviously you can't display what you didn't log before. Next to that bolting measures on should be preceded by verifying any existing modifications first. However the first and overarching aspect is (or should be) to look at the reasons for requiring logging. For example if this is about regulatory compliance then the implementation documentation should tell you what logging is required and how to implement it. Mandatory compliance or other pressing arguments will also help you judge if for example the amount of work involved or the invasiveness of certain solutions are in line with the benefits.

That said realistically speaking there are only a few tools that will help establish a reasonably good audit trail. The first is to send all logging to a well-protected, tamper-proof remote syslog server. Secondly restrict and limit access as much as possible (see for example 'chage', /etc/pam.d/*, /etc/security/* and obviously no "ALL ALL = NOPASSWD" in /etc/sudoers) and ensure logging has the required facility / priority settings. In essence: basic system hardening. RHEL includes SELinux which should be enabled with at least the unmodified targeted policy and it has the audit service which should run with the appropriate (mix of) LSPP, CAPP, NISPOM or STIG rules and enhanced with specific local watches. Session logging can then be done like chrism01 already suggested with Rootsh or a logging shell or using 'snoopy'.

For more information please see https://www.linuxquestions.org/quest...patches-34823/ and the linked docs / posts it leads to.

HTH
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache 2.2.3 Session tracking with mod_session produces load error on module load programlight Linux - Server 1 10-24-2011 04:48 PM
detect file deletion on an operating system and trace the file history or activity? lovsis Linux - Security 2 10-19-2010 08:52 AM
tcsh: can you save the history from multiple shells to one history file? BrianK General 2 04-23-2009 05:19 AM
tracking history cmd by other user jenson Linux - Server 2 12-01-2007 08:45 AM
session tracking and logfiles paperdiesel Linux - Software 12 02-19-2006 04:29 PM


All times are GMT -5. The time now is 01:55 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration