Home page logo
/

basics logo Security Basics mailing list archives

Re: bash_history to track users
From: Valter Santos <vsantola () devfusion net>
Date: Mon, 17 Nov 2003 17:28:05 +0000

Hi,

maybe your approach is not the correct one! It will more valuable and
less risky to send bash commands to syslog and have syslog send
everything to a remote server.

Some time ago i have used Autonomasia's bash-syslog patch [1] for bash
2.03 and adapted it to mandrake's bash 2.05b [2]. In my website you will
find binary RPMs to this last one. If you use another distro shouldn't
be very hard to adapt the patch to it.

reference:
[1] Autonomasia bash-syslog patch for bash-2.03
http://www.honeynet.org/papers/honeynet/tools/bash.patch

[2] My bash-syslog patch for bash-2.05b-12mdk:
http://devfusion.net/~vsantola/packages/bash-syslog/bash-2.05b-syslog.patch

Hope this help
/valter


On Thu, 2003-11-06 at 05:44, Joe Szilagyi wrote:
Hi everyone,

Is there any way to totally keep track of users, to the degree of adding
timestamps and hostnames to each entry in the server's .bash_history files?

The especially wonderful thing would be able to have .bash_history record
the IP/hostname the person responsible is logging in from, i.e., if I'm in
as root from host 'barney.gumble.com', and I run command 'y', I want history
to show like, this, and same from other people logging in...


114 barney.gumble.com passwd marge
115 barney.gumble.com adduser moe
116 65.23.18.95 cd /etc/conf/httpd
117 65.23.18.95 vi httpd.conf
118 barney.gumble.com pico .bachrc


...and so on. Is this possible?


-- 

---..---..---..---..---..---..---..---..---..---..---..---..----
Valter Santos
keys      @ http://devfusion.net/~vsantola/
E2A4B206  @ 99FA 3D80 4B54 BA70 7DD7 C751 47BA 49BC E2A4 B206
---------------------------------------------------------------

Attachment: signature.asc
Description: This is a digitally signed message part


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]