11-29-2010
Here is a "poor man's solution" you might get going - I once tried it in a project but didn't succeed, maybe my own fault:
1) To log securely (that is: the system administrator should have no possibility of altering the logs) you need a remote server, which the admin has no control over. You could write the logs there.
One of the drawbacks of the normal syslog is that the output is either files (locally) or network, but not both. You want the syslog-written logs to be accessible by the admins, just some should be non-alterable by them. This can be done by replacing syslog with "Syslog-NG", a freely available syslog replacement.
2) There is a freeware tool "Snoopy logger", which intercepts (via a PRELOAD library) the system calls exec() and execve() and documents them via a syslog facility.
This is where I failed: I tried Snoopy 1.3.x, but while it was (with some small hack) working perfectly on Linux systems I didn't get it to work on AIX systems although I did get a clean compile. Since then Snoopy is out in a new version (1.6.x) and maybe does work on AIX systems too - I haven't checked since then.
Maybe someone with more programming experience on AIX than me is able to find out why it didn't work on AIX systems. The source is very small (1-2 screens full) so it should take only minutes to analyze it.
I hope this helps.
bakunin
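Point 1 of the post, as an added example that is not from the post or from the syslog-ng project: a syslog-ng configuration that sends the authpriv facility both to a local file the admins can read and, in the same log path, to a remote collector. The host name loghost.example.net, the file path and the port are assumptions. The collector has to be a machine the local root accounts cannot log in to; TCP is chosen over UDP so a broken connection fails visibly rather than dropping records silently.

```conf
# syslog-ng.conf fragment (added example). Same facility, two destinations:
# the local file stays readable for the admins, the remote copy is the
# one they cannot edit after the fact.
source s_local { system(); internal(); };

filter f_authpriv { facility(authpriv); };

destination d_auth_file { file("/var/log/auth.log"); };
destination d_loghost   { tcp("loghost.example.net" port(514)); };  # hypothetical collector

log {
    source(s_local);
    filter(f_authpriv);
    destination(d_auth_file);
    destination(d_loghost);
};
```

The limit of the scheme is that root can still stop the daemon or edit this file; what the remote copy protects is everything that left the box before that happened. The collector should therefore alert when a host goes quiet, and the exec records below are only as complete as the forwarding that carries them.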
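Point 2 of the post, the exec hook, as an added example written for this page rather than Snoopy's own source: a small LD_PRELOAD library that interposes execve(), builds a one-line record and hands it to syslog under authpriv (where the configuration above can forward it). The names execlog, format_exec_record, append_sanitized and read_loginuid are mine. It is Linux-specific (it reads the audit login uid from /proc/self/loginuid, which is what still tells five root users apart after su, and re-enters the kernel with SYS_execve instead of Snoopy's dlsym(RTLD_NEXT) lookup, so no libdl is needed). Control characters in arguments are replaced before logging, because an argument containing a newline would otherwise forge a second log line.

```c
/* execlog.c: Snoopy-style exec logger as an LD_PRELOAD library (added example).
 * Build:  gcc -Wall -shared -fPIC -o libexeclog.so execlog.c
 * Use:    LD_PRELOAD=./libexeclog.so bash   (or add the path to /etc/ld.so.preload)
 * Records go to syslog facility authpriv, which syslog-ng can forward off-host.
 * Linux-specific: uses /proc/self/loginuid and SYS_execve. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/types.h>

/* Append s to buf at logical position pos, replacing control characters
 * (notably '\n', which an attacker could use to forge a second log line)
 * with '?'. Like snprintf, returns the position the text would reach even
 * when buf is too small; buf is always NUL-terminated. */
static size_t append_sanitized(char *buf, size_t len, size_t pos, const char *s)
{
    for (; *s; s++, pos++) {
        unsigned char c = (unsigned char)*s;
        if (pos + 1 < len)
            buf[pos] = (c < 0x20 || c == 0x7f) ? '?' : (char)c;
    }
    if (len)
        buf[pos < len ? pos : len - 1] = '\0';
    return pos;
}

/* Render one exec record. loginuid is the audit login uid (set at login and
 * kept across su/sudo), -1 if unknown. Returns the logical record length;
 * a value >= len means the record was truncated to fit buf. */
int format_exec_record(char *buf, size_t len, uid_t uid, long loginuid, pid_t sid,
                       const char *tty, const char *cwd,
                       const char *filename, char *const argv[])
{
    int n = snprintf(buf, len, "[uid:%u login:%ld sid:%ld tty:",
                     (unsigned)uid, loginuid, (long)sid);
    if (n < 0)
        return -1;
    size_t pos = (size_t)n;
    pos = append_sanitized(buf, len, pos, tty ? tty : "(none)");
    pos = append_sanitized(buf, len, pos, " cwd:");
    pos = append_sanitized(buf, len, pos, cwd ? cwd : "?");
    pos = append_sanitized(buf, len, pos, " filename:");
    pos = append_sanitized(buf, len, pos, filename ? filename : "?");
    pos = append_sanitized(buf, len, pos, "]:");
    for (size_t i = 0; argv && argv[i]; i++) {
        pos = append_sanitized(buf, len, pos, " ");
        pos = append_sanitized(buf, len, pos, argv[i]);
    }
    return (int)pos;
}

/* Audit login uid from procfs; 4294967295 means "not set" (no audit/PAM). */
static long read_loginuid(void)
{
    long v = -1;
    FILE *f = fopen("/proc/self/loginuid", "r");
    if (f) {
        if (fscanf(f, "%ld", &v) != 1)
            v = -1;
        fclose(f);
    }
    return v;
}

/* Interposed execve(2): every dynamically linked program that calls execve()
 * resolves to this function first because the library is preloaded. Shell
 * builtins, static binaries and set-uid programs (where the loader ignores
 * LD_PRELOAD) are not seen, and root can remove the preload, so this is
 * detection, not prevention. */
int execve(const char *filename, char *const argv[], char *const envp[])
{
    char record[4096], cwd[1024];
    if (!getcwd(cwd, sizeof cwd))
        snprintf(cwd, sizeof cwd, "?");
    format_exec_record(record, sizeof record, getuid(), read_loginuid(), getsid(0),
                       ttyname(STDIN_FILENO), cwd, filename, argv);
    openlog("execlog", LOG_PID, LOG_AUTHPRIV);
    syslog(LOG_INFO, "%s", record);
    closelog();
    /* Snoopy forwards to the real libc execve via dlsym(RTLD_NEXT, "execve");
     * the raw syscall is used here so the library needs no libdl. */
    return (int)syscall(SYS_execve, filename, argv, envp);
}
```

Once loaded, a line such as `ls -la /tmp` typed by someone who logged in as uid 1000 and then ran `su` shows up with uid:0 but login:1000, which is the detail the post's approach needs to answer "which root did this". The record formatter is kept separate from the hook so it can be exercised without actually executing anything.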
LOGGER(1) BSD General Commands Manual LOGGER(1)
NAME
logger -- make entries in the system log
SYNOPSIS
logger [-46Ais] [-f file] [-h host] [-P port] [-p pri] [-t tag] [message ...]
DESCRIPTION
The logger utility provides a shell command interface to the syslog(3) system log module.
The following options are available:
-4 Force logger to use IPv4 addresses only.
-6 Force logger to use IPv6 addresses only.
-A By default, logger tries to send the message to only one address, even if the host has more than one A or AAAA record. If this
option is specified, logger tries to send the message to all addresses.
-i Log the process id of the logger process with each line.
-s Log the message to standard error, as well as the system log.
-f file
Read the contents of the specified file into syslog.
-h host
Send the message to the remote system host instead of logging it locally.
-P port
Send the message to the specified port number on a remote system, which can be specified as a service name or as a decimal number.
The default is ``syslog''. If an unknown service name is used, logger prints a warning and falls back to port 514.
-p pri Enter the message with the specified priority. The priority may be specified numerically or as a ``facility.level'' pair. For example, ``-p local3.info'' logs the message(s) as informational level in the local3 facility. The default is ``user.notice.''
-t tag Mark every line in the log with the specified tag rather than the default of current login name.
message
Write the message to log; if not specified, and the -f flag is not provided, standard input is logged.
EXIT STATUS
The logger utility exits 0 on success, and >0 if an error occurs.
EXAMPLES
logger System rebooted
logger -p local0.notice -t HOSTIDM -f /dev/idmc
SEE ALSO
syslog(3), syslogd(8)
STANDARDS
The logger command is expected to be IEEE Std 1003.2 (``POSIX.2'') compatible.
BSD March 4, 2014