LinuxSA Mailing list archives

  From: Alan Kennington <akenning@dog.topology.org>
  To  : Jason Tan <jason@rebel.rebel.net.au>
  Date: Mon, 9 Apr 2001 17:04:53 +0930

Re: command logging

On Mon, Apr 09, 2001 at 10:30:07AM +0930, Jason Tan wrote:
> 
> sudo _may_ help.
> 
[....]
> Jason
> 
> On Sat, 7 Apr 2001, Mark wrote:
> 
> > Hi All,
> > 
> > does anyone know of any utilities which can be installed (as root) on a 
> > linux machine which will log all commands a user does?
> > 
[...]

Mark and Jason,

If you've got more than one machine, one way to log everything would
be to replace the standard shell with a trivial shell which
logs the person in to a different machine.
And then you use tcpdump to log every packet they send.

Alternatively, if the user has their own computer, and you have your
computer that you want logged, just run tcpdump-to-a-file on the
whole interaction.
Then run ethereal over the saved file.

If you set up a honey-pot for hackers, then that's a good way to find out
what they're doing too.

Cheers,
Alan Kennington.

PS. On a totally different topic, how's this for a set of etiquette rules:

1.	If it's potentially useful, send it to linuxsa.
2.	If it's a flame or anti-flame or anti-anti-flame,
	send it to the individual concerned.
	I.e. people wanting to brawl should step outside
	for a while.
Just a thought in passing.

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
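
Added example (not part of the message above or of the list archive): the "tcpdump to a file, then inspect it" approach Alan describes, sketched as a small parser that rebuilds the lines a client typed from a saved capture. The capture is constructed inline; the port (23), the addresses and the function names are assumptions made for this illustration.

```python
import struct

def typed_lines(pcap: bytes, server_port: int = 23) -> list:
    """Rebuild client-typed lines from a little-endian pcap of Ethernet/IPv4/TCP frames."""
    magic, = struct.unpack_from("<I", pcap, 0)
    linktype, = struct.unpack_from("<I", pcap, 20)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian pcap with Ethernet link type")
    segments, off = {}, 24                      # 24-byte global header
    while off + 16 <= len(pcap):                # 16-byte per-record header
        incl_len, = struct.unpack_from("<I", pcap, off + 8)
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                            # keep only IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4
        total_len, = struct.unpack_from(">H", frame, 16)
        tcp = frame[14 + ihl: 14 + total_len]
        if len(tcp) < 20:
            continue
        dport, seq = struct.unpack_from(">HI", tcp, 2)
        payload = tcp[(tcp[12] >> 4) * 4:]
        if dport == server_port and payload:
            segments.setdefault(seq, payload)   # same seq again = retransmission
    stream = b"".join(segments[s] for s in sorted(segments))
    stream = stream.replace(b"\n", b"").replace(b"\x00", b"")
    return [l.decode("ascii", "replace") for l in stream.split(b"\r") if l]

def _frame(sport, dport, seq, payload):
    """Constructed Ethernet/IPv4/TCP frame; checksums are left at zero."""
    tcp = struct.pack(">HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_capture() -> bytes:
    """Constructed capture: out-of-order segment, a retransmission, one server reply."""
    frames = [_frame(40000, 23, 1008, b"ls -la /tmp\r\n"),
              _frame(40000, 23, 1000, b"whoami\r\n"),
              _frame(23, 40000, 5000, b"user1\r\n"),
              _frame(40000, 23, 1000, b"whoami\r\n")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 986800000 + i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(typed_lines(sample_capture()))
```

This only recovers commands from cleartext sessions; a capture of an encrypted login such as SSH contains ciphertext only. The sketch ignores telnet option negotiation and sequence-number wraparound.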

