SUMMARY: Software that keeps track of every command typed on the system

From: Srinivasa R. Yalavarthy (srini@bheema.concorde.com)
Date: Mon Mar 18 1996 - 08:28:56 CST


Hi!
        Thanks for many (a lot) responses from many kind souls. Here I am
giving their responses with their email addresses. Please note the first
response where you get a perl/expect/tcltk script from Tim Wort (kind man).
I have got the script from him but I would like you people to get it from
him, 'cos I don't want to redistribute his scripts w/o his permission.

Here we go...

Date: Wed, 6 Mar 1996 15:15:42 -0700
From: Tim Wort <tim@access.com>
To: srini@concorde.com
Subject: Re: Software that keeps track of every command on the system
 
 
I have an expect script written by a friend of mine, works like this:
 
You replace the root shell with a perl script that does a "system" call to
the expect script passing the PID as an argument and waits for the system
command to exit. (more about this script in a paragraph or so)
 
The expect script starts a csh with a login and logs the session to a
log file with no append to /var/tmp/log.PID. When root logs out the
expect script ends and returns to the calling perl script.
 
The perl script then sends the log file from /var/tmp to a specified
user via email. The email contains the complete session.
 
This will require a number of things namely:
 
must have perl
must have expect
must have tcl
must run root in a c-shell
 
If you're still interested I'll send you the scripts.
     =====================================
From: Donnie Culanag <grnlake@dopamine.ca.boeing.com>
To: "Srinivasa R. Yalavarthy" <srini@concorde.com>
Subject: Re: Software that keeps track of every command on the system
 
 
Cheers:
Don't know if this is of any help .. but lastcomm will show
some of these commands.. later
     
         =============================

From: Kevin Inscoe <kpi@hobbes.crc.com>
Reply to: kpi@crc.com
To: srini@concorde.com
Subject: Re: Software that keeps track of every command on the system

I don't know which O/S you are running and about EVERY command, but if
you are using Solaris 1/SunOS 4 do a man lastcomm.
 
Kevin

        ===============================

From: Dave England <maildoc@sis.com>
To: srini@concorde.com
Subject: Re: Software that keeps track of every command on the system

Check out C2 on SunOS. Or use sudo if you only want to keep track
of root people.

        ========================

From: Todd Michael Kennedy <tkennedy@phoenix.csc.calpoly.edu>
To: srini@concorde.com
Subject: Re: Software that keeps track of every command on the system

This is built in to SunOS & Solaris. All you need to do is turn on the
accounting software by typing the command: `accton`
 
Then you can check who's executed what by running `acctcom`
 
There are other pieces of the accounting package that you'll need to run
periodically. (Such as `ckpacct`, `runacct`, and `monacct`) Take a look
at the acct(1m) [or acct(8) under SunOS] manpages.
 
Best Regards,
  Todd
        ========================================

Date: Wed, 6 Mar 1996 17:52:00 -1000 (HST)
From: Don <dkobayas@mahi.nmfs.hawaii.edu>
To: "Srinivasa R. Yalavarthy" <srini@concorde.com>
Subject: Re: Software that keeps track of every command on the system
 
Please summarize this one as I am very interested in the replies you
get. Thanks, Don

        ===============================================
Date: Thu, 7 Mar 1996 14:35:15 +0800
From: Brett Newton-Palmer <palmerb@wmcmis.DIALix.oz.au>
To: srini@concorde.com
Subject: Re: Software that keeps track of every command on the system
 
 
The "sudo" program enables this - it's a replacement for "su" -
 grab it off any FTP site .....

        =============================================
Date: Thu, 7 Mar 96 13:15:52 +0500
From: VIKAS.ARORA/OU=de/OU=delhi/OU=india@sgpgtw.sgp.st.com
To: srini@concorde.com
Subject: Software that keeps track of every command on the system
Hi
 
In case you get one please let me know!
 
Thanks and Best Regards
vikas.arora@st.com

        ===========================

From: Tim Brown <tmb@myxa.com>
To: srini@concorde.com
Subject: Re: Software that keeps track of every command on the system
 
Srini,
 There are several things that you should look at.
        1. Turning on Unix Auditing
        2. Sudo
        3. PowerBuilder from FSA
 
 Unix auditing allows you to look at all commands that root does
 as well as individual users. However it is quite tedious since
 there is lots of data that is generated on a daily basis which
 needs to be dealt with.
 
 Sudo (free) and PowerBuilder (commercial) are ways of granting
 non-root users access to select privileged user accounts. This
 means you don't need to give everyone the root password; they
 can run a command as root by prefacing the command with sudo or
 pbrun.
 
 For more information on PowerBuilder contact:
        
        Freedman Sharp and Associates Inc.
        1011 First Street SW, Suite 508
        Calgary, Alberta
        Canada T2R 1J2
        
        (403) 264-4822 (voice)
        http://www.fsa.ca
 
        =====================================
From: "Marc L. Summers-SysAdmin" <marcs@tdd.hbo.nec.com>
To: "Srinivasa R. Yalavarthy" <srini@concorde.com>
Subject: Re: Software that keeps track of every command on the system
 
If you find something that does this, please let me know.
 
        ===========================

From: Lyle Miller <lyle@ocs.com>
To: "Srinivasa R. Yalavarthy" <srini@concorde.com>
Subject: Re: Software that keeps track of every command on the system
 
 
In Solaris, you can simply touch (create) a file called "/var/adm/pacct".
This will allow you to then run the *lastcomm* command. This should
provide some of the info you are looking for, I think. The output file
can grow quickly, so keep it in check...:)
 
Good luck...
        =======================
From: Amanul Haque <ahaque@psisa.com>
To: srini@concorde.com
Subject: Re: Software that keeps track of every command on the system
 
Try sudo. On netscape, do a netsearch and you will find the url name for the
latest. You also might want to disable root logins via telnet/rlogin; i.e.,
force users to login as themselves, and then "su" to root.
        ============================
From: "Kohler R. P." <z055084@uprc.com>
To: srini@concorde.com
Subject: Re: Software that keeps track of every command on the system
 
 
I'd also be interested in your replies..
 
We've implemented a version of "sudo" that does this, but is very time
consuming setting up the rules..

        =================================
From: "Rasana P. Atreya" <Rasana.Atreya@library.ucsf.edu>
To: "Srinivasa R. Yalavarthy" <srini@concorde.com>
Subject: Re: Software that keeps track of every command on the system
 
Please do summarize. I'd be interested.
 
Thanks,
Rasana
        ==========================

From: Parks Fields <parks@xdiv.LANL.GOV>
To: srini@concorde.com
Subject: Re: Software that keeps track of every command on the system
 
Please let me know what you get ..
Thanks
 
 
parks
        ========================
From: Jay Lessert <jayl@lattice.com>
To: "Srinivasa R. Yalavarthy" <srini@concorde.com>
Subject: Re: Software that keeps track of every command on the system
 
If you just want to know what commands are being executed by what users,
try 'man -k account'.
        ==============================

From: Udesh Naicker <seethim@netcom.com>
To: srini@concorde.com
Subject: Re: Software that keeps track of every command on the system
 
Hi
 
This might not be the solution but has certainly worked in many
environments.
 
I think the history file keeps track of every command and to
establish more control set up your environment such that only one or
two key users have root access (i.e. the root password), and the
other users who might need root access do not have the password BUT
have SU capability to root. Hence you can look at the history file
and see who did a SU to root and what commands they executed.
 
I heard people talk of a package called GateKeeper, this might also
be helpful. I am not sure who the vendor is.

Good Luck
 
Udesh Naicker
        ===============================

From: Frank Greco <fgreco@lehman.com>
To: "Srinivasa R. Yalavarthy" <srini@concorde.com>
Subject: Re: Software that keeps track of every command on the system

see lastcomm(1) and acct(5).... This is standard Unix stuff that's been
there for decades.
 
Frank G.

        =================================================
        
 -srini
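
Several replies above recommend sudo for tracking what is run as root. As an added example (not part of the original thread or any respondent's script), the following parses sudo's syslog entries, assuming the line format current sudo versions write by default; the sample lines, host and user names are constructed. It also flags shell launches, because sudo logs only the command it starts and not what is typed inside that shell.

```python
import re
from collections import defaultdict

# Constructed sample lines (hosts, users, commands invented for illustration).
SAMPLE_LOG = """\
Mar  6 15:15:42 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/vi /etc/passwd
Mar  6 15:17:03 host1 sudo:      bob : command not allowed ; TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/bin/sh
Mar  6 15:20:11 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/csh
Mar  6 15:21:40 host1 in.telnetd[411]: connect from 192.0.2.7
"""

SUDO_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) sudo(?:\[\d+\])?:\s+(\S+) : (.*)$")
SHELLS = {"sh", "csh", "tcsh", "ksh", "bash", "zsh"}

def parse_sudo_line(line):
    """Return a dict for one sudo syslog line, or None for anything else."""
    m = SUDO_RE.match(line)
    if not m:
        return None
    when, host, user, rest = m.groups()
    # COMMAND is always the last field and may itself contain " ; ".
    head, sep, command = rest.partition(" ; COMMAND=")
    if not sep:
        return None
    fields, reasons = {}, []
    for part in head.split(" ; "):
        key, eq, value = part.partition("=")
        if eq and key.isupper():
            fields[key] = value          # TTY, PWD, USER
        else:
            reasons.append(part)         # e.g. "command not allowed"
    return {"when": when, "host": host, "user": user, "tty": fields.get("TTY"),
            "runas": fields.get("USER"), "command": command,
            "denied": "; ".join(reasons) or None}

def audit(log_text):
    """Group allowed commands by invoking user; list denials and shell launches."""
    allowed, denied, shells = defaultdict(list), [], []
    for line in log_text.splitlines():
        rec = parse_sudo_line(line)
        if rec is None:
            continue
        if rec["denied"]:
            denied.append((rec["user"], rec["denied"], rec["command"]))
            continue
        allowed[rec["user"]].append(rec["command"])
        # A shell started through sudo hides every later command from this log.
        if (rec["command"].split() or [""])[0].rsplit("/", 1)[-1] in SHELLS:
            shells.append((rec["user"], rec["when"], rec["command"]))
    return dict(allowed), denied, shells
```

Calling audit(SAMPLE_LOG) returns the per-user command lists, the denied attempts and the shell launches as three separate values.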


