How do I find all the commands entered by root on any terminal


 
# 8  
Old 10-27-2008
Quote:
Originally Posted by vampirodolce
Hi Reboot,
for some reason when I use script (/usr/bin/script) in .bashrc, as soon as the user logs in the shell goes crazy (e.g. CPU 100%) and the output file - typescript in my case - becomes huge. Do you know why?
The command 'script' on a command line works just fine, it's the .bashrc that doesn't like it. I am using Debian Etch.

Could you show the entries (or commands) you are putting in the /.bashrc file?
# 9  
Old 10-27-2008
As an answer to the original problem try something like this in /etc/profile
Code:
    # Login name recorded for this terminal
    RU=`who am i | cut -f 1 -d " "`
    if [ "$RU" = "root" ]
      then
        # Braces are needed: $RU_ would be read as a variable named RU_
        HISTFILE=/someplace_safe/.ihist/.sh_hist_${RU}_$$
        HISTSIZE=1000
        export HISTFILE HISTSIZE
      else
        HISTFILE=$HOME/.sh_history
        HISTSIZE=1000
        export HISTFILE HISTSIZE
    fi

This creates a history file for each root login; the mtime of the file gives you a clue as to which "root" login you are dealing with.
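To read those per-login files back in time order, the following added example (not part of the original post) lists each root history file with its mtime, the shell PID taken from the file name, and its line count. It assumes GNU `date` and the `.sh_hist_<user>_<pid>` naming from the post; the function name is hypothetical.

```shell
# Added example, not from the thread. Assumes GNU date (-r FILE prints the
# file's mtime) and the .sh_hist_<user>_<pid> naming used in the post.
list_root_histories() {
  dir=$1
  for f in "$dir"/.sh_hist_root_*; do
    [ -f "$f" ] || continue              # glob matched nothing, or not a file
    pid=${f##*_}                         # shell PID is the text after the last "_"
    mtime=$(date -r "$f" '+%Y-%m-%d %H:%M:%S')
    lines=$(wc -l < "$f" | tr -d ' ')    # roughly one line per command
    printf '%s pid=%s lines=%s %s\n' "$mtime" "$pid" "$lines" "$f"
  done | sort                            # timestamp leads, so least recently written first
}

# Default is the placeholder directory from the post; pass the real one as $1.
list_root_histories "${1:-/someplace_safe/.ihist}"
```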
# 10  
Old 10-28-2008
Quote:
Originally Posted by jim mcnamara
As an answer to the original problem try something like this in /etc/profile
Code:
    # Login name recorded for this terminal
    RU=`who am i | cut -f 1 -d " "`
    if [ "$RU" = "root" ]
      then
        # Braces are needed: $RU_ would be read as a variable named RU_
        HISTFILE=/someplace_safe/.ihist/.sh_hist_${RU}_$$
        HISTSIZE=1000
        export HISTFILE HISTSIZE
      else
        HISTFILE=$HOME/.sh_history
        HISTSIZE=1000
        export HISTFILE HISTSIZE
    fi

This creates a history file for each root login; the mtime of the file gives you a clue as to which "root" login you are dealing with.

This is also a good solution.
Thanks jim mcnamara.
# 11  
Old 10-29-2008
Quote:
Originally Posted by Reboot
Could you show the entries (or commands) you are putting in the /.bashrc file?
Hi, I am using the standard ~/.bashrc shipped with Debian, with some minor changes I made e.g. to umask, Mail, Histfilesize, Histsize and PS1 (which now shows the % of the battery):

Quote:
    debian@localhost:100%~$ cat .bashrc|grep ^[^#]

    [ -z "$PS1" ] && return
    export HISTCONTROL=ignoredups
    shopt -s checkwinsize
    [ -x /usr/bin/lesspipe ] && eval "$(lesspipe)"
    if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
        debian_chroot=$(cat /etc/debian_chroot)
    fi
    case "$TERM" in
    xterm-color)
        PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
        ;;
    *)
        PS1='${debian_chroot:+($debian_chroot)}\u@\h:$(echo $(acpi)|/usr/bin/cut -f4 -d\ |cut -f1 -d,)\w\$ '
        ;;
    esac
    case "$TERM" in
    xterm*|rxvt*)
        PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD/$HOME/~}\007"'
        ;;
    *)
        ;;
    esac
    if [ "$TERM" != "dumb" ]; then
        eval "`dircolors -b`"
        alias ls='ls -F --color=auto'
    fi
    if [ -f /etc/bash_completion ]; then
        . /etc/bash_completion
    fi
    umask 077
    MAIL=~/Maildir
    export MAIL
    HISTFILESIZE=400
    export HISTFILESIZE
    HISTSIZE=400
    export HISTSIZE

The 'script' command I used was very simple, some kind of '/usr/bin/script -q ~/file.log'
# 12  
Old 10-29-2008
Hi...
First see whether all the parameters which you want to change through the ~/.bashrc file change as per your requirement. In short, whether all commands (excluding '/usr/bin/script') in the ~/.bashrc file work fine.

If yes, then just put the '/usr/bin/script -q ~/file.log' command at the very last line of your ~/.bashrc file and then see whether it works or not.

Do not put the '/usr/bin/script -q ~/file.log' command at the beginning or anywhere in between in the ~/.bashrc file.

Hope it should work this time now.

Cheers.

Last edited by Reboot; 10-29-2008 at 06:03 PM..
# 13  
Old 10-30-2008
If you are on a Linux box, you could use Snoopy. Quoting from the Sourceforge webpage:
Quote:
Snoopy is designed to aid the task of a sysadmin by providing a log of commands executed. Snoopy is completely transparent to the user and applications. It is linked into programs to provide a wrapper around calls to execve(). Logging is done via syslogd
# 14  
Old 10-31-2008
Quote:
Originally Posted by Reboot
Hi...
First see whether all the parameters which you want to change through the ~/.bashrc file change as per your requirement. In short, whether all commands (excluding '/usr/bin/script') in the ~/.bashrc file work fine.

If yes, then just put the '/usr/bin/script -q ~/file.log' command at the very last line of your ~/.bashrc file and then see whether it works or not.

Do not put the '/usr/bin/script -q ~/file.log' command at the beginning or anywhere in between in the ~/.bashrc file.

Hope it should work this time now.

Cheers.
Same as before. I created a sample .bashrc containing the 'script -q ~/file.txt' line only.
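Added example, not part of any post in this thread: `script` starts a new interactive shell, that shell reads `~/.bashrc` again, and an unguarded `script` line there starts another `script`, which matches the runaway CPU and growing typescript reported above. The sketch below breaks that loop with an exported marker variable; `SESSION_LOG_ACTIVE`, the function names and the log file name are assumptions.

```shell
# Added example for the end of ~/.bashrc. SESSION_LOG_ACTIVE, the function
# names and the log path are assumed names, not taken from the thread.

# True only in a shell that is not already running under our script(1).
session_log_needed() {
  [ -z "${SESSION_LOG_ACTIVE:-}" ]
}

start_session_log() {
  command -v script >/dev/null 2>&1 || return 0   # script(1) missing: skip logging
  log="$HOME/session.$(date +%Y%m%d-%H%M%S).$$.log"
  # The marker is inherited by the shell that script starts, so when that
  # shell reads ~/.bashrc again, session_log_needed is false and it stops here.
  SESSION_LOG_ACTIVE=1
  export SESSION_LOG_ACTIVE
  # exec replaces this shell, so leaving the logged shell ends the session.
  exec script -q "$log"
}

# Only interactive shells are logged; scp, cron and scripts are left alone.
case $- in
  *i*) session_log_needed && start_session_log ;;
esac
```

A user can edit their own `~/.bashrc` or unset the marker, so this records a cooperative session rather than enforcing an audit trail.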