11-29-2010
Here is a "poor man's solution" you might get going - I once tried it in a project but didn't succeed, maybe my own fault:
1) To log securely (that is: the systems administrator should have no possibility of altering the logs) you need a remote server, which the admin has no control over. You could write the logs there.
One of the drawbacks of the normal syslog is that either the output is files (locally) or network, but not both. You want the syslog-written logs to be accessible by the admins, just some should be non-alterable by them. This can be done by replacing syslog with "Syslog-NG", a freely available syslog-replacement.
2) There is a freeware tool "Snoopy logger", which intercepts (via a PRELOAD-library) the system calls exec() and execve() and documents them via a syslog-facility.
This is where I failed: I tried Snoopy 1.3.x, but while it was (with some small hack) working perfectly on Linux systems I didn't get it to work on AIX systems although I did get a clean compile. Since then Snoopy is out in a new version (1.6.x) and maybe does work on AIX systems too - I haven't checked since then.
Maybe someone with more programming experience on AIX than me is able to find out why it didn't work on AIX systems either. The source is very small (1-2 screens full) so it should take only minutes to analyze it.
I hope this helps.
bakunin
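The setup described in the post above, as an added example that is not part of the original post: a syslog-ng configuration that keeps a local copy of the exec() log for the admins and sends the same messages to a remote log host they do not control. The host name, port, file path, version line and the assumption that Snoopy logs under the program name `snoopy` are illustrative and must be adapted to the installation.

```conf
# Added example, not from the original post.
# Adjust the version line to the installed syslog-ng release.
@version: 3.38

# Local messages: /dev/log (or the platform equivalent) plus
# syslog-ng's own internal messages.
source s_local {
    system();
    internal();
};

# Assumption: Snoopy tags its messages with the program name "snoopy".
filter f_snoopy {
    program("snoopy");
};

# Copy 1: local file, readable (and alterable) by the local admins.
destination d_snoopy_local {
    file("/var/log/snoopy.log" owner("root") group("root") perm(0640));
};

# Copy 2: remote log host outside the local admins' control.
# "loghost.example.org" and port 514 are placeholders.
# TCP is used so that lost connections are noticed; UDP would drop silently.
destination d_snoopy_remote {
    network("loghost.example.org" port(514) transport("tcp"));
};

# One log path, two destinations: every Snoopy message is written
# locally AND forwarded, which plain syslogd could not do per the post.
log {
    source(s_local);
    filter(f_snoopy);
    destination(d_snoopy_local);
    destination(d_snoopy_remote);
};

# Everything else keeps going to the usual local file.
destination d_messages { file("/var/log/messages"); };
log { source(s_local); destination(d_messages); };
```

Comparing the local file against the remote copy is what exposes tampering: an entry present on the log host but missing or changed locally was altered after it was written.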
SYSLOG(8) System Logging SYSLOG(8)
NAME
syslog-ng, syslogd
DESCRIPTION
There are different syslog daemon implementations supported as the system's syslog service, currently syslogd, syslog-ng and rsyslogd.
The first installed daemon activates itself for the syslog service. Starting with openSUSE-11.2, it is rsyslogd, before it was syslog-ng.
But this depends on the software selection during the installation.
The name of the daemon used as syslog service is specified in the
SYSLOG_DAEMON variable in /etc/sysconfig/syslog.
The yast2 sysconfig module provides a comfortable way to switch to another installed daemon and restart the service.
The /etc/init.d/syslog init script is able to handle all supported daemons.
BUGS
Please report bugs at <http://www.suse.de/feedback>
AUTHOR
Juergen Weigert <jw@novell.com>
Marius Tomaschewski <mt@novell.com>
SEE ALSO
sysklogd(8) syslogd(8) syslog.conf(5) syslog-ng(8) syslog-ng.conf(5) rsyslogd(8) rsyslog.conf(5)
syslog May 2008 SYSLOG(8)