07-08-2011
Easiest way I can come up with: have the logs written to a separate directory, where the users have only write access (no read, no execute bit set), and use non-predictable names for the logs. That way they can't see the file, unless they know the specific name (which should be hard to deduct).
As long as your users don't figure out how to use ps to get the filename, this should be enough. If they do, you'll have to call script using a C program as wrapper, hiding the command line.
10 More Discussions You Might Find Interesting
1. Solaris
I am trying to find the following information regarding the logging of telnet sessions within a Solaris 10 environment:
(1) How can I tell if the logging of telnet sessions is enabled on a Solaris 10 machine?
(2) Assuming that the logging of telnet sessions is not enabled, what is the... (1 Reply)
Discussion started by: RobSand
1 Replies
2. UNIX for Advanced & Expert Users
There's a user that opens various login sessions with a particular SOLARIS server at the same time - this locks the server thats tried to get logged into..
Kindly help on how to know the max limit of sessions a particular user can open with a particular server at the same time. AND, how to... (2 Replies)
Discussion started by: its.simron
2 Replies
3. AIX
I want to know how I can turn off and turn on login logging. We have a server that appears to have stopped logging user logins. Running the who command shows nothing and the last command shows no logins for a month. The var/adm/wtmp file isn't full and there is plenty of space in the var file... (2 Replies)
Discussion started by: daveisme
2 Replies
4. UNIX for Dummies Questions & Answers
Hi I am working in Solaris 10 and I want to monitor logs for every telnet/ssh session that tries to connect to the server. I need these logs to be generated in a file that I can fetch using ftp.
I am a new user and a stepwise detail will be great
BR
saGGee (3 Replies)
Discussion started by: saggee
3 Replies
5. Solaris
hello guys, Does anybody know how I can log all the telnet sessions for a specific IP.
For instance, anybody who make a telnet to IP x.x.x.x this session will be logged. the purpose of it is that I need to know every command that people are running on this node.
Any help ?
Thanks. (1 Reply)
Discussion started by: cerioni
1 Replies
6. Solaris
Hi,
My requirement - for security purpose -
I want all root logins to my solaris servers are done by a script kept
in a separate unix box. This script will telnet into remote solaris server with
root user and log every session via log file.
Now my purpose is to log every telnet session... (3 Replies)
Discussion started by: rahul_jain250
3 Replies
7. UNIX for Dummies Questions & Answers
Hi - I want to log commands typed by oraapps user with time into some log file on runtime.
HISTTIMEFORMAT="%d/%m/%y %T " works but any one with oraapps user can delete the history.
OS : RHEl 5.6
Any help is appreciated. (5 Replies)
Discussion started by: oraclermanpt
5 Replies
8. Shell Programming and Scripting
hi,
im looking to write a script to end user sessions which are on a paticular program and have been for over an hour so I can free up the system a bit.
I understand that the "who" command lists the current users logged into the system, however it does not let me see what program they are on... (12 Replies)
Discussion started by: 02JayJay02
12 Replies
9. Shell Programming and Scripting
Hi,
I have several engineers logging into servers with the same system username and passwords eg root. I was thinking about adding a script to bashrc where a user is forced upon login to enter their name and once that has executed there history is logged/redirected to a log file somewhere. I... (10 Replies)
Discussion started by: maxwellhouse
10 Replies
10. UNIX for Beginners Questions & Answers
Hi - If iam logged on to server A, on 4 putty windows using SSH ... and out of these 4 logged-in sessions, in one of the sessions if i did SSH from server A to server B;
i would now have 4 putty windows sessions ... of which 3 are actively logged on to Server A while 1 putty window is actively... (2 Replies)
Discussion started by: i4ismail
2 Replies
LEARN ABOUT SUSE
pmvarrun
pmvarrun(8) pam_mount pmvarrun(8)
Name
pmvarrun - updates /var/run/pam_mount/user
Syntax
pmvarrun -u user [options]
Description
A separate program is needed so that /var/run/pam_mount/user may be created with a pam_mount-specific security context (otherwise SELinux
policy will conflict with gdm, which also creates file in /var/run).
pmvarrun is flexible and can run in a number of different security setups:
root-root
When pmvarrun is invoked as root, /var/run/pam_mount's permission settings can be as strict as needed; usually (0755,root,root) is a good
pick as it gives users the debug control over their refcount. Refcount files are given their respective owners (chowned to the user who
logs in).
user-user
When invoked as the user who logs in, /var/run/pam_mount needs appropriate permissions to create a file, which means the write bit must be
set. It is also highly suggested to set the sticky bit in this case, so other users do not tamper with your refcount.
root-user
Some programs or login helpers incorrectly call the PAM stack in a way that the login phase is done as root and the logout phase as a nor-
mal user. Nevertheless, pmvarrun supports this, and the same permissions as in root-root can be used. While the user may not be able to
unlink his file from /var/run/pam_mount, it will be truncated to indicate the same state.
Options
--help, -h
Display help.
--user user, -u user
User to handle, must be a valid username.
--operation number, -o number
Increase volume count by number.
-d Turn on debugging.
Files
/var/run/pam_mount/user
Author
This manpage was originally written by Bastian Kleineidam <calvin@debian.org> for the Debian distribution of libpam-mount but may be used
by others.
See /usr/share/doc/packages/pam_mount/AUTHORS for the list of original authors of pam_mount.
pam_mount 2008-10-08 pmvarrun(8)