Full Command Logging?


 
# 1  
Old 01-28-2009
Full Command Logging?

I am looking for a really good command logging tool to improve the auditing of my servers. I have previously used snoopy, but this is currently a bit flaky and causing serious problems for me. It doesn't look like it's been maintained since 2004; it didn't even want to compile until I added -fPIC, but it's causing segmentation faults and just ruins my test systems, eventually causing all or nearly all commands to segfault. I've tried the process account tools, but they log only the command basename, no args and no shell built-ins either (although even snoopy doesn't get that last one, but I could live without it if I had to). Shell history files are not security, they are just convenience, so they don't fit either (unless we find a way of capturing all shell history straight into syslog...). So I'm looking for something else that I can deploy among my servers to fully audit any commands entered and log them via syslog. Does anyone have any recommendations for a good, thorough command logger, capturing args as well?
# 2  
Old 01-29-2009
I made some updates to snoopy, including command argument handling, fixing its bugs, and a more flexible configuration (filtering out uninteresting commands, such as crond children, etc.), but the authors haven't responded. It relies on any system that allows LD_PRELOAD and supports SysV semaphores. If you are interested, I will send you my version, and you can help me remove any other bugs. Send me a PM with your email address.
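The LD_PRELOAD approach discussed in this thread, sketched as an added example that is not part of either post and is not snoopy's code: a shared object that interposes `execve` and writes the full argument vector to syslog before executing. The names `cmdlog`, `cmdlog.so`, `cmdlog.c` and `join_argv` are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/syscall.h>
#include <syslog.h>
#include <unistd.h>

/* Build (hypothetical file name): cc -shared -fPIC -o cmdlog.so cmdlog.c
 * Try on one command:             LD_PRELOAD=$PWD/cmdlog.so ls -l /tmp */

/* Join argv into buf, space separated, always NUL-terminated.
 * Returns the number of bytes stored; long command lines are truncated. */
size_t join_argv(char *buf, size_t cap, char *const argv[])
{
    size_t used = 0;
    if (cap == 0)
        return 0;
    buf[0] = '\0';
    for (size_t i = 0; argv && argv[i]; i++) {
        int n = snprintf(buf + used, cap - used, "%s%s", i ? " " : "", argv[i]);
        if (n < 0)
            break;
        if ((size_t)n >= cap - used) {   /* did not fit: keep what we have */
            used = cap - 1;
            break;
        }
        used += (size_t)n;
    }
    return used;
}

/* Replaces libc's execve for dynamically linked callers: log, then exec. */
int execve(const char *path, char *const argv[], char *const envp[])
{
    char args[1024];
    join_argv(args, sizeof args, argv);
    openlog("cmdlog", LOG_PID, LOG_AUTHPRIV);
    syslog(LOG_INFO, "uid=%d path=%s args=%s", (int)getuid(), path, args);
    closelog();
    /* Raw syscall, so we never re-enter this wrapper. */
    return (int)syscall(SYS_execve, path, argv, envp);
}
```

The dynamic loader ignores LD_PRELOAD for setuid programs and static binaries never consult it, so this records activity on a cooperative system but is not tamper-proof. Shell built-ins never reach `execve` and are not logged, as the first post notes for snoopy.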