Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 25 Jul 2007 11:44:19 +0100
From:      Feargal Reilly <>
Subject:   Re: Root access loggin
Message-ID:  <>
In-Reply-To: <054701c7ce2d$6f42d6d0$6400a8c0@msdi.local>
References:  <050b01c7ce16$960a0570$6400a8c0@msdi.local> <> <> <> <> <054701c7ce2d$6f42d6d0$6400a8c0@msdi.local>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
> Exactly, I don't know what needs to be done, and they don't
> neither. That's why they need to browse around trying to
> figure out why their installer doesn't work.
> Sudo wouldn't be any help here cause I would need to pre
> approve commands and I don't know which one will be needed.
> Basically, I don't there there is a better solution then
> giving away the root password, but at least, I would like a
> log of what has been done.
> Naturally, I understand any log could be overwritten/modified
> since the person is root, but since I don't think Zend would
> make fun in hacking my server, the point in having the log is
> to undo anything I wouldn't approve ..

You may want to have a look at shells/tcsh-bofh - it installs a
patched tcsh shell in /usr/local/bin which logs all commands to
the USER syslog facility . Set both their user and root's shell
to that tcsh (or copy over the system tcsh) and you'll have a
log of all their commands, provided they don't run another
shell, something you'll just have to instruct them on. Tell them
you'll consider it trespassing if they use another shell.

As far as protecting logs, securelevels will offer some degree
of protection. If you set syslog to log user.* to a seperate
file, and then set the sappnd and sunlnk flags, then the file
can only be appended to. If you then raise your securelevel to
1, these flags can not be removed. If you're being that
paranoid, you'll want to set flags on syslog.conf as well, so
the facility can't be changed.

I haven't actually tried any of the above, so your mileage will
definitely vary.


Feargal Reilly, Chief Techie, FBI.
PGP Key: 0xBD252C01 (expires: 2006-11-30)
Web: | Tel: +353.14988588 | Fax: +353.14988489
Communications House, 11 Sallymount Avenue, Ranelagh, Dublin 6.

Want to link to this message? Use this URL: <>