Focus on Linux
root shell auditing Jul 28 2008 01:34PM Mars Gobetti (erresei6 libero it) (6 replies)
Re: root shell auditing Jul 29 2008 02:11PM Diego Lacerda (diegolacerda gmail com) (1 replies)
Re: root shell auditing Jul 31 2008 09:24AM Hari Sekhon (hpsekhon googlemail com) (2 replies)
Re: root shell auditing Aug 04 2008 01:09PM Marian Rudzynski (mr impaled org) (1 replies)
Re: root shell auditing Aug 04 2008 01:30PM Hari Sekhon (hpsekhon googlemail com) (1 replies)

Not sure if it's an exact fit, but I put together a small patch
against bash 3.x a while back for someone that logs all commands to
syslog. It hooks the commands as they're being logged into bash's
history buffer, so a (remote) syslog can capture commands in real
time.
I don't recall what all it logged. I believe UID, $PWD, and
command. Timestamp came from syslog.
Let me know if you're interested, I'll dig around for the .diff
and send it to you.
Regards,
TJ Easter
On Mon, Jul 28, 2008 at 8:34 AM, Mars Gobetti <erresei6 (at) libero (dot) it [email concealed]> wrote:
> In an effort to comply with ISO 27001, Webtrust and other security certifications I need to audit root shell usage on many Linux servers: every bash command entered in the shell, with timestamps, and possibly logging to a remote server.
> Which is the best (enterprise class) way to do that?
>
> Currently in our environment administrators get root shell access using sudo -i. Do I need to change this?
> I've seen around sudosh (which does the job locally), then Enterprise Audit Shell, but it seems to me these projects are not active any more.
> Will Free IPA be an answer?
>
> Thank you,
>
> Mars Gobetti
>
>
--
"Being a humanist means trying to behave decently without expectation
of rewards or punishment after you are dead." -- Kurt Vonnegut, 1922 -
2007
http://keyserver1.pgp.com/vkd/DownloadKey.event?keyid=0x5EB6E92FE2340DEF
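An added example, not TJ Easter's patch and not bash source: a C version of the kind of hook the message describes, putting UID, working directory and command into one syslog record. The function names, the `bash-audit` tag, the record layout and the `\xNN` escaping (so a command containing a newline cannot forge a second log line on the collector) are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

/* Append s; control, non-ASCII, backslash (optionally space) bytes become \xNN. */
static int append_escaped(char *out, size_t cap, size_t *pos, const char *s, int esc_space)
{
    for (unsigned char c; (c = (unsigned char)*s) != 0; s++) {
        if (c < 0x20 || c >= 0x7f || c == '\\' || (esc_space && c == ' ')) {
            if (*pos + 5 > cap) return -1;          /* 4 chars + NUL */
            snprintf(out + *pos, 5, "\\x%02x", (unsigned)c);
            *pos += 4;
        } else {
            if (*pos + 2 > cap) return -1;          /* 1 char + NUL */
            out[(*pos)++] = (char)c;
            out[*pos] = '\0';
        }
    }
    return 0;
}

/* Build "uid=<n> pwd=<dir> cmd=<line>"; returns length, or -1 if it does not fit. */
int format_record(char *out, size_t cap, unsigned uid, const char *pwd, const char *cmd)
{
    int n = snprintf(out, cap, "uid=%u pwd=", uid);
    if (n < 0 || (size_t)n >= cap) return -1;
    size_t pos = (size_t)n;
    if (append_escaped(out, cap, &pos, pwd, 1) < 0 ||   /* spaces escaped in pwd */
        append_escaped(out, cap, &pos, " cmd=", 0) < 0 ||
        append_escaped(out, cap, &pos, cmd, 0) < 0) return -1;
    return (int)pos;
}

/* Hypothetical hook: called with each line as it enters the history buffer. */
void audit_history_line(const char *line)
{
    char cwd[1024], rec[2048];
    if (!getcwd(cwd, sizeof cwd)) strcpy(cwd, "?");
    if (format_record(rec, sizeof rec, (unsigned)getuid(), cwd, line) < 0)
        strcpy(rec, "uid=? pwd=? cmd=<record too long>");
    syslog(LOG_AUTHPRIV | LOG_INFO, "%s", rec);     /* timestamp added by syslog */
}

int main(void)
{
    openlog("bash-audit", LOG_PID, LOG_AUTHPRIV);   /* tag is an assumption */
    audit_history_line("id\nJul 28 00:00:00 host sudo: forged");  /* constructed input */
    return 0;
}
```

Escaping spaces only in the working directory keeps ` cmd=` an unambiguous field separator even when a directory name contains that text.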