|
|
Sponsored Content
Special Forums
Cybersecurity
How do i find all the commands entered by root on any terminal
Post 302249114 by Smiling Dragon on Monday 20th of October 2008 04:34:20 PM
10-20-2008
Quote:
You can set the default login shell as Bash. This shell is having the tool known as History.
Anyone logged with this shell if execute any command then that command will get stored and appended to /.bash_history file.
You can make a script which will mail you the contents of /.bash_history
at your will and you will have all commands executed by root with
you......
I suppose you could use 'script "/some/log/dir`who am i | awk '{ print $1 }'`-`date`"' ...
As for moving the users over to another access model, set up the 'new way' and show the users. You can reassure them that they will retain their su rights to root for now to give them a chance to evaluate the new method. Watch the sulog file and contact the person each time they use su to ask what they tried to do via sudo but couldn't. You can then fix whatever it was (or remind them that the access will be taken away and they should be finidng all the issues before it's too late).
Once you have all the problems cleared up, change the password to something only you know.
If you meet resistance, talk to your risk team and show them the very big risk involved in having more than one person able to do work as root without being able to trace who did what. Risk guys hate being unable to trace things back to a single person.
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi there. Linux newbie and I'm trying to find commands to:
Display number of executable files in a directory that i supply and list them in alphabetical order
Back up all the files in the current irectory to a directory i supply, creating that directory if it's not allready there
Cound... (5 Replies)
Discussion started by: indigoecho
5 Replies
2. Solaris
I want to enable root login just from one terminal machine, can i do that via /etc/default/login in console=/dev/console line ?
and if so what i have to type exactly, another question is it normal to edit the files inside defaults directly ? or i can copy it to /etc/ and edit it there and its... (3 Replies)
Discussion started by: XP_2600
3 Replies
3. AIX
Hi, yesterday, I changed root's shell in /etc/passwd, cause a mistake then I can not log in root account (can't find correct shell). I attempted to log in single-mode, however, it prompted for single-mode's password then I type root's password but still can not log in.
I'm using AIX 5L version 5.2... (2 Replies)
Discussion started by: neikel
2 Replies
4. UNIX for Dummies Questions & Answers
hi
i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help
Thanks (5 Replies)
Discussion started by: suryashikha
5 Replies
5. Shell Programming and Scripting
hi..
I have a small question...if I have a textfile..let say apple.txt and I want to
1. search for all strings that's 6 characters long, and contains the letters a,b,c,d.
2. search for all words that that begins with "sUn" and ends with "flower"
3. search for all the words beginning with the... (3 Replies)
Discussion started by: Oregano
3 Replies
6. UNIX for Dummies Questions & Answers
i am at home with a windows xp home, and i am using putty terminal to access my linux mathlab account, my task is to compile and run a C program, called a.c,
i used
gcc -Wall -g -o mycode a.c
to compile it into a mycode file
now when i want to run it, i was told i had to use
$... (2 Replies)
Discussion started by: omega666
2 Replies
7. Shell Programming and Scripting
i have few files generated everyday with a date stamp. Sometimes it happens that if the files are generated late i.e after 00:00 hrs the date stamp will be of the next day.
example:
110123_file1
110123_file2
110123_file3
110124_file4
in the above example file4 is also for the previous... (2 Replies)
Discussion started by: gpk_newbie
2 Replies
8. Programming
Hi
I am trying to modify a C program to work for my needs. Problem is I don't know any real programming. I would really appreciate it if someone could help me!
Basically it is to get bandwidth speeds from a remote box. I have two terminal commands that get me the up and down speeds.
So how do... (8 Replies)
Discussion started by: milestails
8 Replies
9. Ubuntu
I've written a program in C, called count_0.1 which is essentially a word count program.
I want to be able to use it as a command in the terminal (by typing in count), like when you type in ls, you don't have to go to a directory, find an executable and type in: ./ls
I've tried:
Adding... (1 Reply)
Discussion started by: usernamer
1 Replies
10. Shell Programming and Scripting
I need to list users in /etc/passwd with root's GID or UID or /root as home directory
If we have these entries in /etc/passwd
root:x:0:0:root:/root:/bin/bash
rootgooduser1:x:100:100::/home/gooduser1:/bin/bash
baduser1:x:0:300::/home/baduser1:/bin/bash... (6 Replies)
Discussion started by: anil510
6 Replies
LEARN ABOUT DEBIAN
calife
CALIFE(1) BSD General Commands Manual CALIFE(1) NAME
calife -- becomes root (or another user) legally. SYNOPSIS
calife [-] [login] or ... [-] [login] for some sites (check with your administrator). DESCRIPTION
Calife requests user's own password for becoming login (or root, if no login is provided), and switches to that user and group ID after veri- fying proper rights to do so. A shell is then executed. If calife is executed by root, no password is requested and a shell with the appro- priate user ID is executed. The invoked shell is the user's own except when a shell is specified in the configuration file calife.auth. If ``-'' is specified on the command line, user's profile files are read as if it was a login shell. This is not the traditional behavior of su. Only users specified in calife.auth can use calife to become another one with this method. You can specify in the calife.auth file the list of logins allowed for users when using calife. See calife.auth(5) for more details. calife.auth is installed as /etc/calife.auth. FILES
/etc/calife.auth List of users authorized to use calife and the users they can become. /etc/calife.out This script is executed just after getting out of calife. SEE ALSO
su(1), calife.auth(5), group(5), environ(7) ENVIRONMENT
The original environment is kept. This is not a security problem as you have to be yourself at login (i.e. it does not have the same security implications as in su(1) ). Environment variables used by calife: HOME Default home directory of real user ID. PATH Default search path of real user ID unless modified as specified above. TERM Provides terminal type which may be retained for the substituted user ID. USER The user ID is always the effective ID (the target user ID) after an su unless the user ID is 0 (root). BUGS
The MD5-based crypt(3) function is slower and probably stronger than the DES-based one but it is usable only among FreeBSD 2.0+ systems. HISTORY
A calife command appeared in DG/UX, written for Antenne 2 in 1991. It has evolved considerably since this period with more OS support, user lists handling and improved logging. PAM support was introduced in 2005 to port it to MacOS X variants (Panther and up). AUTHOR
Ollivier Robert <roberto@keltia.freenix.fr> BSD
September 25, 1994 BSD