Security Basics mailing list archives

Re: bash_history to track users


From: Valter Santos <vsantola () devfusion net>
Date: Mon, 17 Nov 2003 17:28:05 +0000

Hi,

Maybe your approach is not the correct one! It will be more valuable and
less risky to send bash commands to syslog and have syslog send
everything to a remote server.

Some time ago I used Autonomasia's bash-syslog patch [1] for bash
2.03 and adapted it to Mandrake's bash 2.05b [2]. On my website you will
find binary RPMs for this last one. If you use another distro, it shouldn't
be very hard to adapt the patch to it.

reference:
[1] Autonomasia bash-syslog patch for bash-2.03
http://www.honeynet.org/papers/honeynet/tools/bash.patch

[2] My bash-syslog patch for bash-2.05b-12mdk:
http://devfusion.net/~vsantola/packages/bash-syslog/bash-2.05b-syslog.patch

Hope this helps
/valter


On Thu, 2003-11-06 at 05:44, Joe Szilagyi wrote:
Hi everyone,

Is there any way to totally keep track of users, to the degree of adding
timestamps and hostnames to each entry in the server's .bash_history files?

The especially wonderful thing would be to be able to have .bash_history record
the IP/hostname the person responsible is logging in from, i.e., if I'm in
as root from host 'barney.gumble.com', and I run command 'y', I want history
to show like this, and the same for other people logging in...


114 barney.gumble.com passwd marge
115 barney.gumble.com adduser moe
116 65.23.18.95 cd /etc/conf/httpd
117 65.23.18.95 vi httpd.conf
118 barney.gumble.com pico .bachrc


...and so on. Is this possible?


-- 

---..---..---..---..---..---..---..---..---..---..---..---..----
Valter Santos
keys      @ http://devfusion.net/~vsantola/
E2A4B206  @ 99FA 3D80 4B54 BA70 7DD7 C751 47BA 49BC E2A4 B206
---------------------------------------------------------------
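
A lighter-weight way to produce the per-command records asked for in the quoted question, using stock bash and logger(1) rather than a patched shell; this is an added example, not part of the message or of either patch. `audit_line`, `audit_hook`, the `bash-audit` tag, the `local6` facility and `loghost.example` are assumptions. Because the hook runs as the user and can be unset by that user, it records cooperative sessions and does not replace the patched-shell approach described in the message.

```shell
#!/bin/bash
# Added example (not from the thread). audit_line and audit_hook are hypothetical names.

# Build one record: "<user> <client-address> <history-number> <command>".
#   $1  value of SSH_CLIENT ("addr srcport dstport", exported by sshd); may be empty
#   $2  text printed by the bash builtin `history 1`, e.g. "  117  vi httpd.conf"
audit_line() (
    src=${1%% *}                     # first field of SSH_CLIENT is the client address
    [ -n "$src" ] || src=local       # console logins carry no SSH_CLIENT
    # Collapse the padded history number (and bash's "*" edit marker) to "N ".
    entry=$(printf '%s\n' "$2" | sed 's/^ *\([0-9][0-9]*\)[* ]*/\1 /')
    # Replace newlines and other control bytes so a multi-line command
    # cannot forge a second record in the log.
    entry=$(printf '%s' "$entry" | LC_ALL=C tr -c '[:print:]' '?')
    printf '%s %s %s\n' "${LOGNAME:-unknown}" "$src" "$entry"
)

# Runs before each prompt: hand the last command to syslog through logger(1).
audit_hook() {
    logger -p local6.notice -t bash-audit \
        "$(audit_line "$SSH_CLIENT" "$(history 1)")"
}
PROMPT_COMMAND=audit_hook

# Forwarding rule for the local syslogd (loghost.example is a placeholder):
#   local6.*    @loghost.example
```

Sourced from a system-wide bash startup file, this sends one line per command to the local syslog daemon, which the forwarding rule then relays to the remote log host.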
