[ale] Need a method of recording command line operations for auditing purposes
Chris Fowler
cfowler at outpostsentinel.com
Wed Jun 16 16:37:21 EDT 2010
On Wed, 2010-06-16 at 16:02 -0400, James Taylor wrote:
> the acct package is part of the distribution.
> I need to look at it in more depth, but it looks promising.
> -jt
>
> >>> "James Taylor" <James.Taylor at eastcobbgroup.com> 6/16/2010 09:50 AM >>>
> Is there a good method for auditing command line operations, similar to bash_history that is not accessible to the user? bash_history is functional, but can be edited or deleted by the user.
> Something that is included with a SLES distribution is highly desirable, but if there are some good options, one of them may already be there.
> I've had one suggestion for snoopy, but I don't think it's included with SLES.
> Thanks,
> -jt
>
You might try to incorporate an exec of script into their bash_profile.
First try it with hidden directories in the home.

# bash_profile
# Stuff here
# Create the audit directory; -p avoids an error when it already exists
mkdir -p ~/.audit
# Replace the login shell with script, logging to a timestamped file
exec script -qf ~/.audit/script.`date +%s`

-q is quiet to not alert them
-f flushes after each write so that you could be on another terminal and
executing tail -f against the file.
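
Added example, not part of the original message: a reviewer reading the files that script writes sees raw terminal output, including escape sequences and the erase sequences echoed for each backspace, so this sketch cleans a typescript and pulls out the text typed after each prompt. The prompt pattern (user@host:path> style) and the sample session are constructed assumptions.

```python
import re

# CSI sequences (colours, cursor control, erase-to-end-of-line)
CSI = re.compile(r'\x1b\[[0-?]*[ -/]*[@-~]')
# OSC sequences (e.g. terminal title updates), ended by BEL or ESC \
OSC = re.compile(r'\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)')
# Assumed prompt shape: user@host:path followed by >, $ or # and a space
PROMPT = re.compile(r'^\S+@\S+:\S*\s?[>$#] ')


def clean_line(raw):
    """Strip escape sequences and apply backspaces the way the terminal did."""
    text = CSI.sub('', OSC.sub('', raw))
    out = []
    for ch in text:
        if ch == '\b':
            if out:
                out.pop()          # backspace erases the previous character
        elif ch == '\t' or ch >= ' ':
            out.append(ch)         # keep printable text, drop CR, BEL, etc.
    return ''.join(out)


def commands(typescript):
    """Return the text that followed a prompt on each line of a typescript."""
    found = []
    for raw in typescript.split('\n'):
        line = clean_line(raw)
        m = PROMPT.match(line)
        if m and line[m.end():].strip():
            found.append(line[m.end():].strip())
    return found


# Constructed sample: a title escape, a typo corrected with two backspaces,
# command output, a bold prompt, and the final exit.
SAMPLE = (
    "\x1b]0;jt@sles:~\x07jt@sles:~> ls -l /ect\b\x1b[K\b\x1b[Ktc\r\n"
    "total 0\r\n"
    "\x1b[1mjt@sles:~>\x1b[0m rm ~/.bash_history\r\n"
    "jt@sles:~> exit\r\n"
)

if __name__ == '__main__':
    for cmd in commands(SAMPLE):
        print(cmd)
```

Program output that happens to look like a prompt line is picked up as well, so the result is a reading aid for the recording rather than an exact command list.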