AW: shell command history capturing

[Sattler, Ric]

Hello,

the following is only a workaround, will not do much for security and will
not work really perfect together with all usable commands, but in in some
environments it can help.

The simple idea is to use the command tee together with sudo. Something
like:

sudo su - root | tee -a /logfiles/test.log

but there might bee restrictions:
 - from the used TERM
 - the Logfile will belong to the User
 - no logging of things going to stderr (2>&1 will not work with vi)
 - the User has to type the tee-Command

A workaround for some of these restrictions, is to write a little script to
encapsulate the sudo-call. The tee-Command should be granted with
root-Permissions for the accounts that are using the script. Instead of
using tee, you can use something more secure than tee (for instance a second
script that writes the logs to a defined directory):

-----------------------------------------------
#!/usr/bin/ksh

# ask for Username to name the logfile:
UserId=`whoami`

# ask for the users password:
sudo -p "Sudo Password: " -v

# Call the command:
sudo $@ | sudo -u root tee -a /logfiles/log_of_$UserId
-----------------------------------------------


But be carefull, and think about something like: switching to root and start
the command ls -lR / in a while-loop. (I createt once a Logfile of 47MB with
the monitor tool )(there was no more space on this volume)   ;-)

Don't see the above as solution. It's only a thought.

Ric Sattler
(Xtelligent IT Consulting GmbH http://www.xtelligent.de)
IM / Infrastructural Services
Dresdner Bank AG