[sudo-users] Logging commands run as superuser to a mysql database

Michael Potter pottmi at gmail.com
Sun Dec 2 15:15:26 EST 2007


Dirk,

There are two options:
1) sudosh
2) rootsh

rootsh is closest to what you are asking for: it logs the commands
that the user runs.
sudosh logs the activity on the tty, so it shows you what is returned
to the user.  It also records the keystrokes if you are in a vi session.

rootsh logs to syslog.  You would have to write a filter to read
syslog and write to the database.

Please report back what you learn.  This is an often asked question on
this list, but there is never any in-depth discussion of problems and
solutions.

I would also be interested if anyone else has a different solution.

-- 
Michael Potter

On Nov 30, 2007 6:32 AM, Dirk Westfal <dwestfal at googlemail.com> wrote:
> Hi all,
>
> I'm looking for a way to:
> - record commands and results executed by root
> - record them in an 'action journal' in a database
>
> Has anyone tried something like this before?
>
> The idea is to create log entries from actions like:
>
> #vi /etc/samba/shares.conf
> #chgrp -R users /home/all
> #chmod g+srwx /home/al
> # not found
> #chmod g+srwx /home/all
> #exit
>
> as entries like:
> $timestamp - root logs in from $station
> $timestamp -  vi /etc/samba/shares.conf - success
> $timestamp -  chgrp -R users /home/all - success
> $timestamp -  chmod g+srwx /home/al - failed - result: not found
> $timestamp -  chmod g+srwx /home/all - success
> $timestamp - root logged off
>
> tia,
> dwe
>
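
The syslog-to-database filter mentioned in the reply above, as an added example that is not part of the original thread or of rootsh. The `rootsh[pid]: user: text` line layout, the sample lines and the `journal` table are assumptions, and SQLite stands in for MySQL so the code runs offline (the placeholder syntax differs per MySQL driver).

```python
import re
import sqlite3

# Constructed sample input. The "rootsh[pid]: user: text" layout is an
# assumption made for this example; match the regex to your real lines.
SAMPLE_SYSLOG = [
    "Dec  2 15:01:07 fs01 sshd[2210]: Accepted publickey for dwe from 192.0.2.10",
    "Dec  2 15:01:12 fs01 rootsh[2301]: dwe: vi /etc/samba/shares.conf",
    "Dec  2 15:02:40 fs01 rootsh[2301]: dwe: chgrp -R users /home/all",
    "Dec  2 15:02:55 fs01 rootsh[2301]: dwe: echo \"don't forget\" > /root/todo",
    "Dec  2 15:03:02 fs01 rootsh[2301]: dwe: chmod g+srwx /home/all",
]

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"rootsh\[(?P<pid>\d+)\]:\s(?P<user>[^:\s]+):\s(?P<text>.*)$"
)

def open_journal(path=":memory:"):
    """Create the journal table (SQLite stands in for MySQL here)."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS journal ("
        "id INTEGER PRIMARY KEY, ts TEXT, host TEXT, "
        "pid INTEGER, user TEXT, text TEXT)"
    )
    return db

def load(db, lines):
    """Store every rootsh line; return (stored, skipped) counts."""
    stored = skipped = 0
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if m is None:
            skipped += 1  # not from rootsh, or a layout the regex misses
            continue
        # Bound parameters: logged text is untrusted and must never be
        # spliced into the SQL string.
        db.execute(
            "INSERT INTO journal (ts, host, pid, user, text) "
            "VALUES (:ts, :host, :pid, :user, :text)",
            m.groupdict(),
        )
        stored += 1
    db.commit()
    return stored, skipped

if __name__ == "__main__":
    db = open_journal()
    print(load(db, SAMPLE_SYSLOG))
    for row in db.execute("SELECT ts, user, text FROM journal ORDER BY id"):
        print(row)
```

Traditional syslog timestamps carry no year or time zone, so a production filter should add its own receive time before storing a row.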


