Quote:
Originally Posted by mrtwice
I would like to make this just a bit more robust by nagging any admin when they logoff with a message that asks them if they would like to create a changelog for what they just did on the server.
Failing to understand why it is important to sign off on changes right after they are made leads to not logging anything, or, in case one is forced to, entering anything that gets the user past it, like just "blah", so I wonder if it is useful or will make things more robust. This being first and foremost a matter of discipline, your standard weapon of choice should be education, not technology IMO. Also there could be potential problems like attributing and claiming changes, for instance one user logging out while another is still editing configuration files, changes made the sneaky way, changes made in earlier or interrupted sessions, or simply forgetting to list everything that's been changed.
Quote:
Originally Posted by mrtwice
The changelog helper would then add some standard formatting to their comments (add a date/time, username, indent, rewrap to 70 chars per line, etc.) and prepend that to a file somewhere on the system.
Submitting to syslog (one of the local slots?) using 'logger' (can take approx. 300 words per line) gets you a date and timestamp, and $LOGNAME should be in the unprivileged user's shell environment. Else why not just use a plain text file and a macro that adds a date and timestamp?
Quote:
Originally Posted by mrtwice
I am envisioning something that would look and work very much the way the commit/comment feature works with mercurial/git/svn, except the comment gets formatted differently and saved to a file locally.
Ah, like using 'sudo etckeeper commit "unusually short, incomplete, non-descriptive and utterly uninteresting message.";'? ;-p
Quote:
Originally Posted by mrtwice
My uncertainties arise when I consider how I might hook this into the logout routine and default editor of the user. Also, how would I know to run the hook for a real user but not for something like sftp/scp, etc.
Only allowing shells that support a ~/.*logout script would be the easiest I think, and a default editor you could set if none can be detected. Running a shell that is not interactive (SCP at least IIRC) should be easy to detect with 6.3.3 Interactive Shell Behavior.
* Also, since this is not about Linux Security I'll move your thread to the Linux General forum, or any other forum if you select a fitting one.
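As an added illustration of the two suggestions above (submitting entries through 'logger' with a timestamp and $LOGNAME, and skipping non-interactive sessions such as scp/sftp by checking the shell's interactive flag), here is a script that could be sourced from ~/.bash_logout. It is example code written for this thread, not something posted by mrtwice or shipped with any distribution. It assumes a bash-like shell (for $- and ~/.bash_logout), the 'logger' utility for syslog delivery, and POSIX 'fold' for wrapping; the local7 facility, the 'changelog' tag and the fallback file name CHANGELOG_FILE are arbitrary choices made for the example.

```shell
#!/bin/sh
# Added example for the thread above, not the poster's own code.
# Assumes: bash-like shell ($-, ~/.bash_logout), 'logger', POSIX 'fold'.

# Interactive shells carry 'i' in $- (bash manual, 6.3.3 Interactive Shell
# Behavior). scp/sftp run a non-interactive shell, so they never see the prompt.
# The flags are passed in as an argument so the check can be tested directly.
is_interactive_shell() {
    case "$1" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Format one entry: a header line with timestamp and user, then the message
# wrapped at 70 columns and indented by four spaces. The timestamp is a
# parameter rather than a call to date so the output is reproducible.
format_changelog_entry() {
    stamp=$1
    user=$2
    message=$3
    printf '[%s] %s\n' "$stamp" "$user"
    printf '%s\n' "$message" | fold -s -w 70 | sed 's/[[:space:]]*$//; s/^/    /'
}

# Deliver a formatted entry. Prefer syslog via logger, one line per call so
# each line stays well under logger's length limit; otherwise append to a
# plain text file (CHANGELOG_FILE is an assumed name for this example).
submit_changelog_entry() {
    entry=$1
    file=${CHANGELOG_FILE:-$HOME/changelog.txt}
    if command -v logger >/dev/null 2>&1; then
        printf '%s\n' "$entry" | while IFS= read -r line; do
            logger -t changelog -p local7.notice -- "$line"
        done
    else
        printf '%s\n\n' "$entry" >> "$file"
    fi
}

# Entry point for ~/.bash_logout:   . /path/to/changelog-prompt.sh
# Only nags an interactive session that still has a terminal on stdin;
# an empty answer skips logging rather than forcing a "blah" entry.
prompt_for_changelog() {
    is_interactive_shell "$-" || return 0
    [ -t 0 ] || return 0
    printf 'Changelog entry for this session (leave empty to skip): '
    IFS= read -r answer
    [ -n "$answer" ] || return 0
    entry=$(format_changelog_entry "$(date '+%Y-%m-%d %H:%M')" \
                                   "${LOGNAME:-$(id -un)}" "$answer")
    submit_changelog_entry "$entry"
}

prompt_for_changelog
```

When run as a plain script, $- has no 'i' and the prompt is skipped, which is exactly the behaviour wanted for scp/sftp; only a shell that sources it on logout from an interactive session reaches the read.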