partial summary: key logger on Solaris

From: <Pit-Ong.Ong.Goh_at_reuters.com>
Date: Mon Jun 14 2004 - 03:50:46 EDT
Hi,

Thanks to Alan, Bill, Reggie & Stoyan.  I would also like to be able to log down
commands of users who do not do "su" as sometimes certain files are
owned by a group - one way I thought of logging is placing a 'script username.txt'
in /etc/profile & based on which user logs in, vary username.txt accordingly (but
this one has a problem in that if we put 'exit' in /etc/profile, it does not quite exit
properly).  If only it works, I would be able to 'script' down every input keystroke
+ output into a text file.

Using "sudo" methods partially achieves the objective only.

Certainly, a banner will be placed to inform users that all their activities will be
logged/monitored.


Rgds
Goh

========================== replies follow ==============================


1.  Adjust the firewalls and sshd settings to allow ssh login only from
one server.
2.  Force everyone to login to that server as their own user.  Log all
traffic passing through that box in each separate ssh session.

That's what one of the banks I am working in does.

Alan



Please see http://www.sunfreeware.com and download
'sudo'. 'Sudo' will log every command executed by a
user. This would mean, however, that the admins would
not know the root passwd, however they would not need
it.

Regards,
Reggie Beavers



Hi,

You could use separate logins for each of the administrators (separate
accounts on the system), and then let them manage the machine
(issue commands with superuser privileges) via sudo (http://www.sudo.ws/sudo/)

Thus you can 1) get fine-grained control of who is doing what and 2) log actions
so you know that the command was issued by a specific account.

Best Regards,
Stoyan Genov

---- Pit-Ong.Ong.Goh@reuters.com on 2004-06-13 18:18:55:29 CEST (Sunday): ----
> Hello,
>
> There are several administrators to one of our critical Sun server (Solaris 7)
> box & we would like to have some kind of keylogger to log down commands
> (in particular changes) that are done to the system - in the same manner
> Ciscoworks/TACACS could log down changes done by every user who
> login to a Cisco device.  Would be best if the keylogger can identify who
> is typing what commands & store the files separately for each user.
>
> Thanks in advance,
> Goh
>
>
> _______________________________________________
> sunmanagers mailing list
> sunmanagers@sunmanagers.org
> http://www.sunmanagers.org/mailman/listinfo/sunmanagers







Received on Mon Jun 14 03:50:39 2004
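
The 'script' in /etc/profile idea from the summary above, as an added example that is not part of the original thread: the fragment records each interactive login to its own per-user file and uses `exec`, so leaving the recorded shell ends the login without a separate 'exit' line. The log directory, the `SESSION_RECORDING` variable and the function names are hypothetical; it assumes script(1) accepts `-a file` as on Solaris and that the directory already exists and is writable by the users being recorded.

```shell
# Added example (constructed): fragment for the end of /etc/profile.
# LOGDIR, SESSION_RECORDING and the function names are hypothetical.
LOGDIR=${SESSION_LOG_DIR:-/var/log/sessions}

# Build a per-user, per-login file name: $1=user $2=timestamp $3=pid.
# Refuse empty names and anything outside a safe character set, so the
# name can never contain "/" and escape LOGDIR.
session_log_path() {
    case "$1" in
        ""|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    echo "$LOGDIR/$1.$2.$3.log"
}

# Decide whether to start recording.
# $1 = shell flags ($-), $2 = current marker value, $3 = "tty" or "notty".
should_record() {
    [ -z "$2" ] || return 1      # already inside script(1): do not nest
    [ "$3" = tty ] || return 1   # scp, cron, remote commands: no terminal
    case "$1" in
        *i*) return 0 ;;         # interactive shells only
    esac
    return 1
}

if [ -t 0 ]; then on_tty=tty; else on_tty=notty; fi
stamp=`date +%Y%m%d%H%M%S`

if should_record "$-" "${SESSION_RECORDING:-}" "$on_tty" &&
   log=`session_log_path "${LOGNAME:-}" "$stamp" $$`
then
    SESSION_RECORDING=$log
    export SESSION_RECORDING
    echo "NOTICE: this session is being recorded to $log"
    # exec replaces the login shell with script(1). When the user leaves
    # the recorded shell, script ends and so does the login, so no
    # trailing 'exit' line is needed in /etc/profile.
    exec script -a "$log"
fi
```

The file is written with the user's own privileges, so the user can alter or remove it. When the record must be out of the user's reach, the single ssh gateway Alan describes keeps it on a separate host.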

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:32 EST