Wednesday, December 16, 2009

Bash shell logging technique

Bookmark and Share

In my previous post, Record command lines / terminal sessions on UNIX shell, we have seen the use of ‘script’ CLI to record terminal session on Unix (LINUX) platforms.

There are few other ways to monitor or logging user shell using rootsh, sudosh and ttyrec etc. However, in this post, we will utilize ‘script’ CLI to monitor or logging user’s command line shell. This is useful if you are hesitant to install any third party tool on your Unix box which is often a case in production environments.

It is fairly easy to invoke ‘script’ after user logs in. Just put following entry (colored in orange) in ‘/etc/profile’ file.

--------------------------Start Of Shell------------------------------------
ts:~# tail /etc/profile
            test -x /usr/bin/faillog && /usr/bin/faillog

/usr/bin/script –a  /path/to/your/$USER.txt 2>&1

# End of /etc/profile
--------------------------End Of Shell------------------------------------

Above Two lines at the end of ‘/etc/profile’ invokes ‘script’ CLI immediately after user logs into the machine and redirecting its logged shell output to “/path/to/your/<YourUserName>.txt file. So whatever user types or displayed at the shell prompt (terminal session) is logged automatically by default.

Be careful while utilizing this technique as once you log out and again login to the machine, your session will also get recorded immediately. So path to the file where terminal session is recorded should be carefully chosen and secured. Path specified above is for example purpose only. Considering this technique is also useful for spying or logging user shell or terminal sessions without requiring any third party tools, people securing their UNIX machines should take note of this point.

Do you use any other method to log your shell? Do let everyone know in comments below.

Reblog this post [with Zemanta]

No comments:

Post a Comment

Your valuable comments are welcome. (Comments will be moderated.)