root shell auditing and syslog entry for all commands of shell

Quite often there is a need to log every command typed in a shell, together with its output, to a file or to syslog, and sometimes I need this for a particular user as well. The script command can do this, but then either you cannot tell the user that the session is being logged, or you have to ask the user to run the command themselves when it really should happen automatically. Sometimes the output also needs to go to syslog, so that root has more control and the syslog mail alone is enough to review, with no other files to hunt for. Finally I found this:

Rootsh is a wrapper for shells which logs all echoed keystrokes and terminal output to a file and/or to syslog. Its main purpose is the auditing of users who need a shell with root privileges. They start rootsh through the sudo mechanism.

This package is in the Fedora repos, so all you need to do to install it is:

yum install rootsh

When you try to run it you might get an error like this:

/var/log/rootsh/amitag.20081215084812.04771: No such file or directory

The log file cannot be created under /var/log/rootsh; one quick way to fix this is to run rootsh with the -d option.

This problem arises mainly because rootsh is designed to be started through sudo, that is, as root, which can write to /var/log/rootsh. How you use it is left to you, but it is indeed a great tool for auditing.
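As an added example (not from the original post or from the rootsh project), a small POSIX shell wrapper that avoids the error above by falling back to a per-user log directory via -d, and decodes the USER.TIMESTAMP.PID log file name for the auditor. It assumes -d takes a directory argument; rootsh-wrap.sh and the ~/.rootsh-logs directory are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the original post or from the rootsh project).
# Assumptions: rootsh's -d option takes a log directory argument, and
# rootsh names its log files USER.YYYYMMDDHHMMSS.PID, as in the error
# shown in the post (amitag.20081215084812.04771).

# Print the rootsh command line to use: plain "rootsh" when the default
# log directory is usable, otherwise "rootsh -d FALLBACK" so an
# unprivileged user still gets a log file instead of the error above.
rootsh_cmdline() {
    logdir=$1
    fallback=$2
    if [ -d "$logdir" ] && [ -w "$logdir" ]; then
        echo "rootsh"
    else
        mkdir -p "$fallback" && chmod 700 "$fallback"
        echo "rootsh -d $fallback"
    fi
}

# Decode a rootsh log file name into who/when/which process, which is
# what an auditor wants when a mailed syslog entry names the file.
rootsh_log_info() {
    base=$(basename "$1")
    user=${base%%.*}
    rest=${base#*.}
    stamp=${rest%%.*}
    pid=$(printf '%s' "${rest#*.}" | sed 's/^0*//')
    y=$(printf '%s' "$stamp" | cut -c1-4)
    mo=$(printf '%s' "$stamp" | cut -c5-6)
    d=$(printf '%s' "$stamp" | cut -c7-8)
    h=$(printf '%s' "$stamp" | cut -c9-10)
    mi=$(printf '%s' "$stamp" | cut -c11-12)
    s=$(printf '%s' "$stamp" | cut -c13-14)
    echo "user=$user date=$y-$mo-$d time=$h:$mi:$s pid=$pid"
}

# Usage: ./rootsh-wrap.sh run        -> starts a logged shell
#        ./rootsh-wrap.sh info FILE  -> decodes a log file name
case "${1:-}" in
    run)  exec $(rootsh_cmdline /var/log/rootsh "$HOME/.rootsh-logs") ;;
    info) rootsh_log_info "$2" ;;
esac
```

A log directory owned by the audited user can be edited by that user, so for real auditing keep the sudo route with the root-owned /var/log/rootsh and syslog; the -d fallback only helps when you are logging your own sessions.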

About Amit Agarwal
