Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How do i find all the commands entered by root on any terminal
Special Forums Cybersecurity How do i find all the commands entered by root on any terminal Post 302249114 by Smiling Dragon on Monday 20th of October 2008 04:34:20 PM
Old 10-20-2008
Quote:
Originally Posted by Reboot
Smilie You can set the default login shell as Bash. Smilie
This shell is having the tool known as History. Smilie
Anyone logged with this shell if execute any command then that command will get stored and appended to /.bash_history file.
You can make a script which will mail you the contents of /.bash_history
at your will and you will have all commands executed by root with
you...... Smilie
Ah, but what happens if you have two people logged in as root at the same time? It would be a bit tough to distinguish one session from another...

I suppose you could use 'script "/some/log/dir`who am i | awk '{ print $1 }'`-`date`"' ...

As for moving the users over to another access model, set up the 'new way' and show the users. You can reassure them that they will retain their su rights to root for now to give them a chance to evaluate the new method. Watch the sulog file and contact the person each time they use su to ask what they tried to do via sudo but couldn't. You can then fix whatever it was (or remind them that the access will be taken away and they should be finidng all the issues before it's too late).
Once you have all the problems cleared up, change the password to something only you know.

If you meet resistance, talk to your risk team and show them the very big risk involved in having more than one person able to do work as root without being able to trace who did what. Risk guys hate being unable to trace things back to a single person.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Terminal Commands

Hi there. Linux newbie and I'm trying to find commands to: Display number of executable files in a directory that i supply and list them in alphabetical order Back up all the files in the current irectory to a directory i supply, creating that directory if it's not allready there Cound... (5 Replies)
Discussion started by: indigoecho
5 Replies

2. Solaris

How to allow root login from a specified terminal ?

I want to enable root login just from one terminal machine, can i do that via /etc/default/login in console=/dev/console line ? and if so what i have to type exactly, another question is it normal to edit the files inside defaults directly ? or i can copy it to /etc/ and edit it there and its... (3 Replies)
Discussion started by: XP_2600
3 Replies

3. AIX

Can't login root account due to can't find root shell

Hi, yesterday, I changed root's shell in /etc/passwd, cause a mistake then I can not log in root account (can't find correct shell). I attempted to log in single-mode, however, it prompted for single-mode's password then I type root's password but still can not log in. I'm using AIX 5L version 5.2... (2 Replies)
Discussion started by: neikel
2 Replies

4. UNIX for Dummies Questions & Answers

How to allow access to some commands having root privleges to be run bu non root user

hi i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help Thanks (5 Replies)
Discussion started by: suryashikha
5 Replies

5. Shell Programming and Scripting

commands in the terminal

hi.. I have a small question...if I have a textfile..let say apple.txt and I want to 1. search for all strings that's 6 characters long, and contains the letters a,b,c,d. 2. search for all words that that begins with "sUn" and ends with "flower" 3. search for all the words beginning with the... (3 Replies)
Discussion started by: Oregano
3 Replies

6. UNIX for Dummies Questions & Answers

help with simple terminal commands

i am at home with a windows xp home, and i am using putty terminal to access my linux mathlab account, my task is to compile and run a C program, called a.c, i used gcc -Wall -g -o mycode a.c to compile it into a mycode file now when i want to run it, i was told i had to use $... (2 Replies)
Discussion started by: omega666
2 Replies

7. Shell Programming and Scripting

find files for next day of the date entered

i have few files generated everyday with a date stamp. Sometimes it happens that if the files are generated late i.e after 00:00 hrs the date stamp will be of the next day. example: 110123_file1 110123_file2 110123_file3 110124_file4 in the above example file4 is also for the previous... (2 Replies)
Discussion started by: gpk_newbie
2 Replies

8. Programming

C terminal commands

Hi I am trying to modify a C program to work for my needs. Problem is I don't know any real programming. I would really appreciate it if someone could help me! Basically it is to get bandwidth speeds from a remote box. I have two terminal commands that get me the up and down speeds. So how do... (8 Replies)
Discussion started by: milestails
8 Replies

9. Ubuntu

Creating terminal commands

I've written a program in C, called count_0.1 which is essentially a word count program. I want to be able to use it as a command in the terminal (by typing in count), like when you type in ls, you don't have to go to a directory, find an executable and type in: ./ls I've tried: Adding... (1 Reply)
Discussion started by: usernamer
1 Replies

10. Shell Programming and Scripting

Find users with root UID or GID or root home

I need to list users in /etc/passwd with root's GID or UID or /root as home directory If we have these entries in /etc/passwd root:x:0:0:root:/root:/bin/bash rootgooduser1:x:100:100::/home/gooduser1:/bin/bash baduser1:x:0:300::/home/baduser1:/bin/bash... (6 Replies)
Discussion started by: anil510
6 Replies

LEARN ABOUT LINUX

sudo_root

sudo_root(8)						      System Manager's Manual						      sudo_root(8)

NAME

       sudo_root - How to run administrative commands

SYNOPSIS

       sudo command

       sudo -i

INTRODUCTION

       By  default, the password for the user "root" (the system administrator) is locked. This means you cannot login as root or use su. Instead,
       the installer will set up sudo to allow the user that is created during install to run all administrative commands.

       This means that in the terminal you can use sudo for commands that require root privileges. All programs in the menu will use  a  graphical
       sudo to prompt for a password. When sudo asks for a password, it needs your password, this means that a root password is not needed.

       To  run	a  command which requires root privileges in a terminal, simply prepend sudo in front of it. To get an interactive root shell, use
       sudo -i.

ALLOWING OTHER USERS TO RUN SUDO

       By default, only the user who installed the system is permitted to run sudo. To add more administrators, i. e. users who can run sudo,  you
       have to add these users to the group 'admin' by doing one of the following steps:

       * In a shell, do

	   sudo adduser username admin

       * Use the graphical "Users & Groups" program in the "System settings" menu to add the new user to the admin group.

BENEFITS OF USING SUDO

       The benefits of leaving root disabled by default include the following:

       * Users do not have to remember an extra password, which they are likely to forget.

       * The installer is able to ask fewer questions.

       * It  avoids  the  "I  can do anything" interactive login by default - you will be prompted for a password before major changes can happen,
	 which should make you think about the consequences of what you are doing.

       * Sudo adds a log entry of the command(s) run (in /var/log/auth.log).

       * Every attacker trying to brute-force their way into your box will know it has an account named root and will try that first. What they do
	 not know is what the usernames of your other users are.

       * Allows  easy transfer for admin rights, in a short term or long term period, by adding and removing users from the admin group, while not
	 compromising the root account.

       * sudo can be set up with a much more fine-grained security policy.

       * On systems with more than one administrator using sudo avoids sharing a password amongst them.

DOWNSIDES OF USING SUDO

       Although for desktops the benefits of using sudo are great, there are possible issues which need to be noted:

       * Redirecting the output of commands run with sudo can be confusing at first. For instance consider

	   sudo ls > /root/somefile

	 will not work since it is the shell that tries to write to that file. You can use

	   ls | sudo tee /root/somefile

	 to get the behaviour you want.

       * In a lot of office environments the ONLY local user on a system is root. All other users  are	imported  using  NSS  techniques  such	as
	 nss-ldap.  To	setup a workstation, or fix it, in the case of a network failure where nss-ldap is broken, root is required. This tends to
	 leave the system unusable. An extra local user, or an enabled root password is needed here.

GOING BACK TO A TRADITIONAL ROOT ACCOUNT

       This is not recommended!

       To enable the root account (i.e. set a password) use:

	   sudo passwd root

       Afterwards, edit the sudo configuration with sudo visudo and comment out the line

	   %admin  ALL=(ALL) ALL

       to disable sudo access to members of the admin group.

SEE ALSO

       sudo(8), https://wiki.ubuntu.com/RootSudo

								 February 8, 2006						      sudo_root(8)
All times are GMT -4. The time now is 07:03 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy