03-18-2007
Capture of all commands issued by the user “root”
I have to write a script (not C based) that allows to capture of all commands issued by the user “root”.
First, I tried to monitor the .bash_history but the commands are written in chunk after the .bash_history is closed.
How can I capture the commands in Real-Time without waiting root to close his shell ?
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Hi all,
I have a problem which needs to be solved soon because it affects auditing capabilities.
There is an application id that has to be used by other users for the purpose of production support.
The application user id uses C shell.
We allow users to switch to the application user id based... (1 Reply)
Discussion started by: s_saran
1 Replies
2. HP-UX
Hi
I have been asked to find out how to
1) create users
2) reset passwords
3) kill processes that may require root privileges
without having root password, sudo rights or rights to passwd command
Any ideas?
Thanks in advance (1 Reply)
Discussion started by: emealogistics
1 Replies
3. Shell Programming and Scripting
Dear all
Ihave written a script in Hpux9.0, the ecript is working fine if I run it from root command prompt
But when I am running it thru /etc/profile or /user/.profile and login as a normal user, the owner of the process running the script is the normal user & hence cant run a root privileaged... (7 Replies)
Discussion started by: initin
7 Replies
4. UNIX for Dummies Questions & Answers
hi
i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help
Thanks (5 Replies)
Discussion started by: suryashikha
5 Replies
5. UNIX for Advanced & Expert Users
Hi,
I would like to know if there is anyway that I can pinpoint the user before/after he connects to the root? Also, I'm trying to find out what are the commands he inputs under root access. (6 Replies)
Discussion started by: pointgetter0
6 Replies
6. Shell Programming and Scripting
is it possible that we can restrict the root user if he runs some commands?? e.g i want if root runs command 'rm etc/passwd', he shoudn't be able to run command and throws error :confused: (3 Replies)
Discussion started by: sheelsadan
3 Replies
7. UNIX for Dummies Questions & Answers
I've been through many threads before i decide to create a separate thread.
I can't really find the solution to my (simple) problem.
Here's what I'm trying to achieve:
As "canar" user I want to run a command, let's say "/opt/ocaml/bin/ocaml" as "duck" user.
The only to achieve this is to... (1 Reply)
Discussion started by: canar
1 Replies
8. Shell Programming and Scripting
Hello I have a script which is working fine so far to generate HTML file. Now i am wondering how do i include a syntax where it can change itself to root user and execute a specific commands as root user.
Please help, Thanks in advance.
-Siddhesh (2 Replies)
Discussion started by: Siddheshk
2 Replies
9. AIX
Hello,
I am testing sudo and I want to test it. Can anyone please let me know few commands (of course other than shutdown, reboot etc. as I can't reboot the box) on AIX that can be run by ROOT only.
Thanks
---------- Post updated at 07:43 PM ---------- Previous update was at 07:38 PM... (5 Replies)
Discussion started by: prvnrk
5 Replies
10. Shell Programming and Scripting
Platform :Oracle Linux 6.4
We are trying to automate the SAN level cloning from production RAC DB cluster to test.
From a shell script, I would like to run the below command Step1,2 and 3 from Node1 in a sequential order as root user . How can I do this ? passwordless for root user is not... (2 Replies)
Discussion started by: kraljic
2 Replies
LEARN ABOUT OSF1
lastcomm
lastcomm(8) System Manager's Manual lastcomm(8)
NAME
lastcomm - Outputs information about the last commands executed
SYNOPSIS
lastcomm [Command] [Name] [Tty]
DESCRIPTION
The lastcomm command outputs information about all previously executed commands that are recorded in the /var/adm/pacct file in reverse
chronological order.
You may specify a particular command with the Command parameter, a particular user with the Name parameter, and a particular terminal as
the command source with the Tty parameter. Output is then restricted to the specified parameters. A Tty terminal may be named fully (for
example, tty0) or abbreviated (for example, 0).
The following information is displayed for each process: Name of the command under which the process was called. Any flags collected when
the command was executed. The following flags are valid: Command was run with an effective user-id of 0. Command ran after a fork, but
without an exec system call following it. Name of the user who issued the command. The terminal the command was started from. Seconds of
CPU time used. Time the process started.
EXAMPLES
To display information about all previously executed commands recorded in the /var/adm/pacct file, enter: lastcomm Information is displayed
similar to: lastcomm ajh lat/620 1.13 secs Thu Feb 24 15:02 pg ajh lat/620 5.91 secs Thu Feb 24 15:01
ln miller ttyp1 1.14 secs Thu Feb 24 15:01 ls rob ttyp1 0.02 secs Thu Feb 24 15:01 pg
sjz ttyp1 0.33 secs Thu Feb 24 15:00 sendmail SF root __ 0.01 secs Thu Feb 24 15:00 To display information
about commands named a.out executed by the root user on terminal ttyd0, enter: lastcomm a.out root ttyd0
FILES
Specifies the command path. The current accounting file.
RELATED INFORMATION
Commands: last(8) delim off
lastcomm(8)