Is it possible to use 'script' command that records what happens in a session as the default shell? How could you deal with multiple logins at once? What about output from rsync and the like?
On Mon, 07 Dec 2015 11:21:13 -0800 Benjamin Smith wrote:
> Is it possible to use 'script' command that records what happens in a session as the default shell? How could you deal with multiple logins at once? What about output from rsync and the like?
What problem are you attempting to solve? Have you looked at the bash 'history' command?
On Monday, December 07, 2015 01:29:54 PM Frank Cox wrote:
> Benjamin Smith wrote:
>> Is it possible to use 'script' command that records what happens in a session as the default shell? How could you deal with multiple logins at once? What about output from rsync and the like?
> What problem are you attempting to solve? Have you looked at the bash 'history' command?
We'd like to have an auditable history of what happened on production servers, kept for a period of time. (perhaps a week?) It's a very busy production environment, but the only shell-level access to the systems is administrative, but having a history of activity as well as the output would have been highly valuable this morning to verify that a mistake that might have been made was. (or wasn't!)
I'm familiar with `history` but it has a few problems:
1) You only see the commands entered.
2) You only see the commands in other shells after you log out.
3) You don't see the output from the commands.
4) Histories can be lost altogether if the shell exits abnormally. (EG tcp timeout)
I was thinking of a shell script something like (PSEUDO code)
    #!/bin/sh
    # Name the session log after the login time (YYYYMMDD:HHMMSS)
    LOGFILE=$(date +%Y%m%d:%H%M%S)
    script /var/log/histories/root.$LOGFILE
    exit $?
And putting it as the shell in /etc/passwd, but this *has* to be the kind of thing that somebody else has done, right?
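A fuller version of the wrapper idea above, as an added example that is not part of the original post: each login gets its own file (user, timestamp, tty and PID), `SHELL` is set so that `script` does not start the wrapper again, and the `-c` invocations sshd uses for rsync and scp go straight to the real shell. `LOG_DIR`, `REAL_SHELL` and the install name `session-recorder` are assumptions.

```shell
#!/bin/sh
# Added example: login-shell wrapper that records each session with script(1).
# Hypothetical names: LOG_DIR, REAL_SHELL, install name "session-recorder".
LOG_DIR=${LOG_DIR:-/var/log/histories}
REAL_SHELL=${REAL_SHELL:-/bin/bash}

# One file per login: user, UTC timestamp, tty and PID keep concurrent
# sessions (even ones started in the same second) in separate files.
session_log_path() {
    user=$1; tty=$2; pid=$3
    tty=$(printf '%s' "$tty" | tr -c 'A-Za-z0-9' '_')
    printf '%s/%s.%s.%s.%s.log\n' "$LOG_DIR" "$user" \
        "$(date -u +%Y%m%dT%H%M%SZ)" "$tty" "$pid"
}

record_session() {
    # sshd runs remote commands (rsync, scp, "ssh host cmd") as: shell -c 'cmd'.
    # script(1) would put a pty into that data path, so only note the
    # command line in syslog and run it through the real shell unrecorded.
    if [ "$1" = "-c" ]; then
        logger -t session-recorder "user=$(id -un) cmd=$2"
        exec "$REAL_SHELL" "$@"
    fi
    umask 077                      # logs readable by the session owner only
    t=$(tty) || t=notty
    log=$(session_log_path "$(id -un)" "$t" "$$")
    # script(1) starts $SHELL; point it at the real shell, otherwise it
    # would start this wrapper again and loop.
    SHELL=$REAL_SHELL
    export SHELL
    exec script -q -f "$log"       # -f flushes after each write
}

# Runs only when installed under the (hypothetical) name session-recorder,
# e.g. /usr/local/bin/session-recorder set as the shell in /etc/passwd.
case "$0" in
    *session-recorder) record_session "$@" ;;
esac
```

The log is written with the session user's own privileges, so for root logins it is a record of honest mistakes rather than tamper-resistant evidence.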
Benjamin Smith wrote:
> On Monday, December 07, 2015 01:29:54 PM Frank Cox wrote:
>> Benjamin Smith wrote:
>>> Is it possible to use 'script' command that records what happens in a session as the default shell? How could you deal with multiple logins at once? What about output from rsync and the like?
>> What problem are you attempting to solve? Have you looked at the bash 'history' command?
> We'd like to have an auditable history of what happened on production servers, kept for a period of time. (perhaps a week?) It's a very busy production environment, but the only shell-level access to the systems is administrative, but having a history of activity as well as the output would have been highly valuable this morning to verify that a mistake that might have been made was. (or wasn't!)
> I'm familiar with `history` but it has a few problems:
> - You only see the commands entered.
> - You only see the commands in other shells after you log out.
> - You don't see the output from the commands.
> - Histories can be lost altogether if the shell exits abnormally. (EG tcp timeout)
> I was thinking of a shell script something like (PSEUDO code)
>     #!/bin/sh
>     # Name the session log after the login time (YYYYMMDD:HHMMSS)
>     LOGFILE=$(date +%Y%m%d:%H%M%S)
>     script /var/log/histories/root.$LOGFILE
>     exit $?
> And putting it as the shell in /etc/passwd, but this *has* to be the kind of thing that somebody else has done, right?
Hi,
While not solving all your problems ZSH may be of help. With ZSH you can configure it to save history immediately upon command being entered and therefore never lose the history. Although, you can still lose it if someone purposely deletes it. But then the same can be applied to any shell logger.
Additionally this means recent commands will be in the history file as soon as they run, thus you do not have to close the shell in order to view the recent commands run.
Using .zshrc it's simply the case of using "setopt inc_appendhistory" to get that functionality.
Although getting used to a whole new shell could be a bit of a challenge if you are very used to BASH.
There are also many other features which may be helpful to you, such as time stamps and shared history.
Search "history" on this page to see more: http://linux.die.net/man/1/zshoptions
I personally use ZSH wherever possible as I personally find it to be better than BASH, however this is more of a preference than anything.
Good luck though :-)
Kind Regards, Jake Shipton (JakeMS) Twitter: @CrazyLinuxNerd GPG Key: 0xE3C31D8F GPG Fingerprint: 7515 CC63 19BD 06F9 400A DE8A 1D0B A5CF E3C3 1D8F
On Mon, Dec 07, 2015 at 11:40:08AM -0800, Benjamin Smith wrote:
> We'd like to have an auditable history of what happened on production servers, kept for a period of time. (perhaps a week?) It's a very busy production environment, but the only shell-level access to the systems is administrative, but having a history of activity as well as the output would have been highly valuable this morning to verify that a mistake that might have been made was. (or wasn't!)
You can use auditd to do this, but it won't capture the output, just the command and its exit code.
To go along with the zsh suggestion, I believe that you can compile ksh93 to include auditing, but it's not enabled on any of my systems.
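What the auditd route gives a reviewer, as an added example that is not part of the thread: a rule that logs every execve by an effective-root process, and a filter that turns the resulting EXECVE records back into command lines (commands only, no output). The key name `root-cmds` and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example. A rule of this shape (key name root-cmds is made up) makes
# auditd log every execve by an effective-root process:
#   -a always,exit -F arch=b64 -S execve -F euid=0 -k root-cmds

# Constructed sample of the records such a rule produces.
sample_audit_log() {
    cat <<'EOF'
type=SYSCALL msg=audit(1449516013.412:9051): arch=c000003e syscall=59 success=yes exit=0 euid=0 comm="rsync" key="root-cmds"
type=EXECVE msg=audit(1449516013.412:9051): argc=3 a0="rsync" a1="-a" a2="/srv/www/"
type=EXECVE msg=audit(1449516020.007:9052): argc=3 a0="sh" a1="-c" a2=6466202D68202F737276
EOF
}

# Print "<timestamp:serial> <command line>" for each EXECVE record on stdin.
# Arguments containing spaces are logged hex-encoded and unquoted; decode
# those and show them in double quotes.
execve_cmdlines() {
    awk '
    function unhex(h,    i, hi, lo, out) {
        out = ""
        for (i = 1; i < length(h); i += 2) {
            hi = index(H, substr(h, i, 1)) - 1
            lo = index(H, substr(h, i + 1, 1)) - 1
            out = out sprintf("%c", hi * 16 + lo)
        }
        return out
    }
    BEGIN { H = "0123456789ABCDEF" }
    $1 == "type=EXECVE" {
        id = $2; gsub(/^msg=audit\(|\):$/, "", id)
        cmd = ""
        for (i = 3; i <= NF; i++) {
            if ($i !~ /^a[0-9]+=/) continue
            arg = $i; sub(/^a[0-9]+=/, "", arg)
            if (arg ~ /^".*"$/) arg = substr(arg, 2, length(arg) - 2)
            else arg = "\"" unhex(arg) "\""
            cmd = cmd (cmd == "" ? "" : " ") arg
        }
        print id, cmd
    }'
}

sample_audit_log | execve_cmdlines
```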