Another option is to use Enterprise Audit Shell -- this application will
allow you to log all activity performed by a user during a root session.
I have successfully implemented this and use sudo to enable root
access, but only via /usr/local/sbin/eash (path to audit shell binary).
The EAS logs to a remote server via SSL-protected connection and allows
real-time play-back of a users session (during the session) or after the
fact playback. There are also reporting features built in.
This product is currently freely available but I did hear a rumor that
it will not be for much longer, so get it while you can. If you mail me
off-list I might be able to provide a 2.0 release version.
Some RPMs are available here:
http://rpmfind.net/linux/rpm2html/search.php?query=eash
Here's an overview by the author on the sudo-announce list:
http://www.gratisoft.us/pipermail/sudo-announce/2006-March/000062.html
Thanks,
--
Joshua M. Miller - RHCE,VCP
mark wrote:
Krishnaprasad_K@xxxxxxxx wrote:
ps ax will show all the processes running in your system. Redirect its
output to a file when a user logs in.
add this command in /etc/profile script ps ax > /tmp/processes.txt
<snip>
Don't think that's quite what he was asking for. ps -fu <username> might
be closer. However, he said *root* shell with logging, implying not just
any user. My solution to that would be that the folks he's worrying
about logging should not log in as root, but rather use sudo, which logs
every command they issue.
mark
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
