Full Discussion: Tracking Root commands
Operating Systems AIX Tracking Root commands Post 302475486 by bakunin on Monday 29th of November 2010 02:02:25 AM
Here is a "poor man's solution" you might get going - I once tried it in a project but didn't succeed, maybe my own fault:

1) To log securely (that is: the system administrator should have no possibility of altering the logs) you need a remote server, which the admin has no control over. You could write the logs there.

One of the drawbacks of the normal syslog is that the output is either files (locally) or network, but not both. You want the syslog-written logs to be accessible by the admins, just some should be non-alterable by them. This can be done by replacing syslog with "Syslog-NG", a freely available syslog replacement.

2) There is a freeware tool "Snoopy logger", which intercepts (via a PRELOAD library) the system calls exec() and execve() and documents them via a syslog facility.

This is where I failed: I tried Snoopy 1.3.x, but while it was (with some small hack) working perfectly on Linux systems I didn't get it to work on AIX systems, although I did get a clean compile. Since then Snoopy is out in a new version (1.6.x) and maybe does work on AIX systems too - I haven't checked since then.

Maybe someone with more programming experience on AIX than me is able to find out why it didn't work on AIX systems either. The source is very small (1-2 screens full) so it should take only minutes to analyze it.

I hope this helps.

bakunin
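
To show the mechanism bakunin describes in point 2), here is an added example of a minimal exec() auditor loaded via LD_PRELOAD; it is written for this page, is not Snoopy's source, and assumes Linux (the raw system call and the library name libexeclog.so are assumptions; AIX's loader uses a different preload mechanism). Each intercepted execve() is logged to syslog, where a syslog-ng forwarder can ship it off-host as in point 1).

```c
/* Added example (not Snoopy's own source): a minimal exec() auditor
 * loaded via LD_PRELOAD so every execve() in a dynamically linked
 * program is logged to syslog before it runs.  Linux only: the real
 * system call is reached via syscall(2), so no dlsym()/-ldl is needed.
 * Build: cc -shared -fPIC -o libexeclog.so execlog.c   (assumed name)
 * Use:   LD_PRELOAD=/usr/local/lib/libexeclog.so bash                */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Build one audit line "uid=N tty=T cmd=FILE args: a0 a1 ...".  Works
 * like snprintf: returns the length the full line would have, so a
 * return value >= size tells the caller the line was truncated. */
size_t build_log_line(char *buf, size_t size, uid_t uid, const char *tty,
                      const char *filename, char *const argv[])
{
    size_t n = (size_t)snprintf(buf, size, "uid=%u tty=%s cmd=%s args:",
                                (unsigned)uid, tty ? tty : "none", filename);
    for (int i = 0; argv && argv[i]; i++) {
        /* once n reaches size, keep counting but write nothing more */
        size_t off = n < size ? n : size;
        n += (size_t)snprintf(buf + off, size - off, " %s", argv[i]);
    }
    return n;
}

/* Interposed execve(2): record the attempt, then hand off to the kernel
 * with the caller's arguments untouched.  Logging must happen first,
 * because on success nothing of this process survives the exec. */
int execve(const char *filename, char *const argv[], char *const envp[])
{
    char line[1024];
    build_log_line(line, sizeof line, getuid(), ttyname(STDIN_FILENO),
                   filename, argv);
    openlog("execlog", LOG_PID, LOG_AUTHPRIV);
    syslog(LOG_INFO, "%s", line);   /* forwarded off-host by syslog-ng */
    closelog();
    return (int)syscall(SYS_execve, filename, argv, envp);
}
```

A preload shim only sees dynamically linked programs and is dropped if the environment is cleared, so its value lies in the remote, admin-inaccessible log store from point 1); a gap in the exec stream is itself worth alerting on.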
LOGGER(1)                 BSD General Commands Manual                LOGGER(1)

NAME
     logger -- make entries in the system log

SYNOPSIS
     logger [-46Ais] [-f file] [-h host] [-P port] [-p pri] [-t tag] [message ...]

DESCRIPTION
     The logger utility provides a shell command interface to the syslog(3) system log module.

     The following options are available:

     -4       Force logger to use IPv4 addresses only.
     -6       Force logger to use IPv6 addresses only.
     -A       By default, logger tries to send the message to only one address, even if the host has more than one A or AAAA record. If this option is specified, logger tries to send the message to all addresses.
     -i       Log the process id of the logger process with each line.
     -s       Log the message to standard error, as well as the system log.
     -f file  Read the contents of the specified file into syslog.
     -h host  Send the message to the remote system host instead of logging it locally.
     -P port  Send the message to the specified port number on a remote system, which can be specified as a service name or as a decimal number. The default is ``syslog''. If an unknown service name is used, logger prints a warning and falls back to port 514.
     -p pri   Enter the message with the specified priority. The priority may be specified numerically or as a ``facility.level'' pair. For example, ``-p local3.info'' logs the message(s) as informational level in the local3 facility. The default is ``user.notice''.
     -t tag   Mark every line in the log with the specified tag rather than the default of current login name.
     message  Write the message to log; if not specified, and the -f flag is not provided, standard input is logged.

EXIT STATUS
     The logger utility exits 0 on success, and >0 if an error occurs.

EXAMPLES
     logger System rebooted
     logger -p local0.notice -t HOSTIDM -f /dev/idmc

SEE ALSO
     syslog(3), syslogd(8)

STANDARDS
     The logger command is expected to be IEEE Std 1003.2 (``POSIX.2'') compatible.

BSD                             March 4, 2014                              BSD
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.