I sometimes need to allow sub-contracted admins root ssh access to my servers. Later, I always wonder what they did during access.
Is there any shell that provides all shell abilities to the remote user but monitors/emails a designated user each command executed in the shell terminal and does not allow the user (even root) to modify the bash history file or similar shell history file, or maybe sending each command by email to a remote server, so that modifying history becomes out of question?
Hope someone can help.
With regards. Sanjay.
Simply tell them "Do not modify the command history or we won't hire you again."
Pretty non-technical solution to what is a staffing issue.
-Drew
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Sanjay Arora
Sent: Tuesday, November 14, 2006 2:03 PM
To: CentOS Mailing List
Subject: [CentOS] OT: Q: Howto implement a monitored Shell for remote logins
I sometimes need to allow sub-contracted admins root ssh access to my servers. Later, I always wonder what they did during access.
Is there any shell that provides all shell abilities to the remote user but monitors/emails a designated user each command executed in the shell terminal and does not allow the user (even root) to modify the bash history file or similar shell history file, or maybe sending each command by email to a remote server, so that modifying history becomes out of question?
Hope someone can help.
With regards. Sanjay.
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On 14/11/06, Sanjay Arora sanjay.k.arora@gmail.com wrote:
> I sometimes need to allow sub-contracted admins root ssh access to my servers. Later, I always wonder what they did during access.
> Is there any shell that provides all shell abilities to the remote user but monitors/emails a designated user each command executed in the shell terminal and does not allow the user (even root) to modify the bash history file or similar shell history file, or maybe sending each command by email to a remote server, so that modifying history becomes out of question?
If you only allow them to...
$ sudo su -
#
... doesn't sudo then keep track of their actions? There are other alternatives, sudosh for one.
http://sourceforge.net/projects/sudosh/
I'm pretty certain there are others too, from memory of the last time I looked into shell auditing.
Will.
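Added example, not part of the original thread: sudo's default log records each sudo invocation as one entry, so `sudo su -` appears as a single line and the commands typed inside that shell are not in it. The Python sketch below parses constructed sample lines in sudo's syslog format and flags the entries that hand over a root shell; the host name, user name and program lists are assumptions.

```python
import re

# Constructed sample lines in sudo's default syslog format (not from the thread).
SAMPLE_LOG = """\
Nov 14 14:03:11 web1 sudo:  contractor : TTY=pts/0 ; PWD=/home/contractor ; USER=root ; COMMAND=/bin/su -
Nov 14 14:09:40 web1 sudo:  contractor : TTY=pts/0 ; PWD=/home/contractor ; USER=root ; COMMAND=/sbin/service httpd restart
Nov 14 14:12:02 web1 sudo:  contractor : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/bin/bash
Nov 14 14:15:27 web1 sudo:  contractor : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/vim /etc/hosts
Nov 14 14:20:00 web1 sudo:  contractor : command not allowed ; TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/bin/cat /etc/shadow
"""

ENTRY = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssudo:\s+(?P<user>\S+)\s:\s(?P<rest>.*)$"
)
# Programs that give an interactive shell: what is typed inside them
# never reaches sudo's command log. (Assumed list, extend as needed.)
SHELLS = {"su", "sh", "bash", "zsh", "ksh", "csh", "tcsh", "dash"}
# Editors and pagers that can spawn a shell from within. (Assumed list.)
ESCAPABLE = {"vi", "vim", "less", "more", "man"}

def parse(line):
    """Split one sudo syslog line into a dict, or return None if it is not one."""
    m = ENTRY.match(line)
    if not m:
        return None
    entry = {"ts": m["ts"], "host": m["host"], "user": m["user"], "denied": False}
    # COMMAND is always the last field and may itself contain ';'.
    head, sep, command = m["rest"].partition("COMMAND=")
    if sep:
        entry["COMMAND"] = command
    for part in filter(None, (p.strip() for p in head.split(";"))):
        key, eq, value = part.partition("=")
        if eq:
            entry[key] = value
        else:
            entry["denied"] = True  # free-text status such as "command not allowed"
    return entry

def audit_gaps(log_text):
    """Return (timestamp, user, command, reason) where the command trail stops."""
    findings = []
    for line in log_text.splitlines():
        e = parse(line)
        if not e or e["denied"] or "COMMAND" not in e:
            continue
        prog = e["COMMAND"].split()[0].rsplit("/", 1)[-1]
        if prog in SHELLS:
            findings.append((e["ts"], e["user"], e["COMMAND"], "interactive shell"))
        elif prog in ESCAPABLE:
            findings.append((e["ts"], e["user"], e["COMMAND"], "shell escape possible"))
    return findings
```

Each finding marks a point after which only a session recorder or logs shipped to another host can show what was done.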
Try out Zorp. See www.balabit.com for more info. They have an SSH proxy and it works great. You can audit the channel and enable/disable subchannels (X Forwarding etc.). Right now they released a Shell Control Box product (web based administration etc.). It's a commercial product but works great.
bye, Ago
On 11/14/06, Sanjay Arora sanjay.k.arora@gmail.com wrote:
> I sometimes need to allow sub-contracted admins root ssh access to my servers. Later, I always wonder what they did during access.
> Is there any shell that provides all shell abilities to the remote user but monitors/emails a designated user each command executed in the shell terminal and does not allow the user (even root) to modify the bash history file or similar shell history file, or maybe sending each command by email to a remote server, so that modifying history becomes out of question?
You could also use the script and ttysnoop utilities to monitor activity.
- Ryan
> Is there any shell that provides all shell abilities to the remote user but monitors/emails a designated user each command executed in the shell terminal and does not allow the user (even root) to modify the bash history file or similar shell history file, or maybe sending each command by email to a remote server, so that modifying history becomes out of question?
Enterprise Audit Shell does this. It provides a central facility for logging, which uses a client/server model to transmit logs to the central log server. It is free and open source, however it disappeared not too long ago ... search the list archives for someone who has posted a link to a private copy of it.
Barry
On Tue, 14 Nov 2006, Barry Brimer wrote:
> Enterprise Audit Shell does this. It provides a central facility for logging, which uses a client/server model to transmit logs to the central log server. It is free and open source, however it disappeared not too long ago ... search the list archives for someone who has posted a link to a private copy of it.
Not really a private copy of Enterprise Audit Shell -- I had not yet reviewed the license to make sure the copy I had was generally redistributable yet, when I first posted over on the Nahant list. It appears to be such.
The SRPM is at: ftp://ftp.owlriver.com/pub/mirror/ORC/eas
-- Russ Herrold
> Not really a private copy of Enterprise Audit Shell -- I had not yet reviewed the license to make sure the copy I had was generally redistributable yet, when I first posted over on the Nahant list. It appears to be such.
> The SRPM is at: ftp://ftp.owlriver.com/pub/mirror/ORC/eas
My mistake, Russ .. "private copy" wasn't a good choice of words on my part. :)
Barry