|
From: | Richard Lohman |
Subject: | Logging bash commands to a specific file |
Date: | Fri, 24 Jun 2016 06:08:35 -0500 |
Hi, all:
I've seen this topic come up a time or two, but the responses don't quit match my situation. ...and, if there's a better place to post, please do feel free to let me know.
I need to log all commands entered at the shell for all users on a host (business need, not technical). There is a pre-defined process in place, but no docs/history on how it was implemented. History files don't meet expectations because they can be modified by the user. Likewise, syslog isn't ideal, as shell commands get intermingled with other commands. I have a specific output format I need to stick to for consistency that it not something one would find in an existing solution (Mon day hh:mm:ss hostname process name: [username] command+args). Finally, only root should have read access to the log (sits in /var).
I already took a stab at it, and updated bashhist.c to open and write to a file in the format I need, but as soon as I set the permissions on the target to 660, it breaks as the newly-compiled bash runs as the user, and can no longer write to the file.
So, with all that, any thoughts? I'm happy to work within the source, or apply some external solution.
Thanks in advance,
Rich
[Prev in Thread] | Current Thread | [Next in Thread] |