From: "Joe & Fhe Barbish"
To: "Galella, Anthony"
Cc: "FBSDQ"
Subject: RE: verbose logging of root?
Date: Thu, 4 Apr 2002 10:44:20 -0500

FBSD has a command line command called 'script'. This command will log everything done, to a file, after the command is issued. Put this command in the /root/.login file. This is a very simple one-use approach. To do it right you should write a script containing the 'script' command with code to control the creation of a new numbered file each time the root account is used.

Or use toor. FBSD has 2 GOD accounts, root and his twin toor, which is root spelled backwards. Let your "backup" sysadmin use toor with the special script, and you be the single user of root.

OR just put the special script on the normal account the "backup" sysadmin uses and let him su to root.

The key here is the FBSD 'script' command.

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of Galella, Anthony
Sent: Thursday, April 04, 2002 10:11 AM
To: 'Rob B'; Galella, Anthony
Cc: 'freebsd-questions@freebsd.org'
Subject: RE: verbose logging of root?

Unfortunately sudo won't help in this situation. There is a "backup" sysadmin here that has root access in case I am not available. He is learning, but I want to be able to track everything he does as root in order to know exactly what is happening on the system. Case in point: he chown'd and chmod'd a whole directory structure, causing loss of access for users. I found the problem, and fixed it, but if I could track what he did in the logs, I could be aware of these things before users are (hopefully) :)

Anthony J. Galella
anthony.galella@intel.com

-----Original Message-----
From: Rob B [mailto:rbyrnes@ozemail.com.au]
Sent: Wednesday, April 03, 2002 8:51 PM
To: Galella, Anthony
Cc: 'freebsd-questions@freebsd.org'
Subject: Re: verbose logging of root?

At 03:06 4/04/2002, Galella, Anthony sent this up the stick:
>This is more of a Un*x question rather than FBSD specific.
>
>Is it possible to do extremely verbose logging of everything done by
>root for security purposes?
>
>
>We ssh to the server and I can make ssh do verbose logging, but that logs
>every user, I just need to log from the point someone su's to root.

This is not a *direct* answer to your question, but an alternative suggestion.

Rather than letting users su to root, why not use a tool such as sudo (/usr/ports/admin/sudo)? sudo will log every command, and has an extensive permissions system in its conf file. sudo also prevents every user who needs root permissions from knowing the root password, they simply use their own password. sudo also logs any unauthorised usage.

Cheers,
Rob

--
Hey, go buy a plane ticket to another state of mind, okay?
[15200.8 km (8207.8 mi), 262.8 deg](Apparent) Rennerian

This is random quote 504 of a collection of 1223

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
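
The numbered-file wrapper around 'script' that the reply above describes, as an added example that is not part of the original thread. The log directory, the file naming, the ROOTLOG_DIR and ROOT_SESSION_LOG variables, and the /root/bin/rootlog.sh path are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: record each root session with script(1)
# in a new numbered file. LOG_DIR and the file naming are assumptions.
LOG_DIR="${ROOTLOG_DIR:-/var/log/rootsessions}"

# Print the path of the next unused log: highest existing number + 1.
next_session_log() {
    dir=$1 n=0
    for f in "$dir"/session.*.log; do
        [ -e "$f" ] || continue              # glob matched nothing
        num=${f##*/session.}; num=${num%.log}
        case $num in ''|*[!0-9]*) continue ;; esac
        num=${num#"${num%%[!0]*}"}           # drop leading zeros (not octal)
        if [ "${num:-0}" -gt "$n" ]; then n=$num; fi
    done
    printf '%s/session.%06d.log\n' "$dir" "$((n + 1))"
}

# Create the next log atomically and print its path. noclobber (set -C)
# makes the create fail if another login took the same number first.
reserve_session_log() {
    dir=$1 tries=0
    while [ "$tries" -lt 5 ]; do
        log=$(next_session_log "$dir")
        if ( set -C; : > "$log" ) 2>/dev/null; then
            printf '%s\n' "$log"
            return 0
        fi
        tries=$((tries + 1))
    done
    return 1
}

start_logged_session() {
    # script(1) starts a new shell; do not nest recordings.
    if [ -n "${ROOT_SESSION_LOG:-}" ]; then return 0; fi
    umask 077                                # logs readable by root only
    mkdir -p "$LOG_DIR" || return 1
    ROOT_SESSION_LOG=$(reserve_session_log "$LOG_DIR") || return 1
    export ROOT_SESSION_LOG
    exec script -q "$ROOT_SESSION_LOG"       # -q: no start/stop banner
}

# Run only when asked, e.g. from /root/.login: /root/bin/rootlog.sh start
if [ "${1:-}" = start ]; then start_logged_session; fi
```

Anyone holding root can still edit or delete these files, so they are a record of a cooperating admin's session rather than tamper-proof audit evidence.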