David Serrano said:
> So I, as a user, run 'echo ^D' and get the admin to stop
> recording what I do :^). Is it that simple? hehe.
I use Snoopy, http://sourceforge.net/project/?group_id=2091

Snoopy is designed to aid the task of a sysadmin by providing a log of commands executed. Snoopy is completely transparent to the user and applications it hooks in as a library providing a wrapper around calls to execve() calls. Logging is done via syslogd and written to authpriv allowing secure offsite logging of activity, generally the authpriv is stored as /var/log/auth.log.

Example output:

[EMAIL PROTECTED]>tail -f /var/log/auth.log
nov 8 11:46:14 onix snoopy[8399]: [amaya, uid:1000 sid:7614]: vi ChangeLog
nov 8 11:47:17 onix snoopy[8400]: [amaya, uid:1000 sid:7614]: su -
Nov 8 11:47:19 onix su[8400]: + pts/1 amaya-root
nov 8 11:47:19 onix PAM_unix[8400]: (su) session opened for user root by amaya(uid=1000)
nov 8 11:47:19 onix snoopy[8400]: [amaya, uid:0 sid:7614]: -su
Nov 8 11:47:19 onix snoopy[8401]: [amaya, uid:0 sid:7614]: fortune -a
Nov 8 11:47:20 onix snoopy[8402]: [amaya, uid:0 sid:7614]: tty -s
Nov 8 11:47:20 onix snoopy[8403]: [amaya, uid:0 sid:7614]: stty cs8 -istrip -parenb
Nov 8 11:47:20 onix snoopy[8405]: [amaya, uid:0 sid:7614]: /usr/bin/dircolors
Nov 8 11:47:27 onix snoopy[8407]: [amaya, uid:0 sid:7614]: tail -f /var/log/auth.log
nov 8 11:47:42 onix snoopy[8409]: [(null), uid:1000 sid:8409]: gnome-terminal --use-factory --start-factory-server
nov 8 11:47:43 onix snoopy[8413]: [amaya, uid:1000 sid:8412]: fortune -a
nov 8 11:47:43 onix snoopy[8414]: [amaya, uid:1000 sid:8412]: tty -s
nov 8 11:47:43 onix snoopy[8415]: [amaya, uid:1000 sid:8412]: stty cs8 -istrip -parenb
nov 8 11:47:43 onix snoopy[8417]: [amaya, uid:1000 sid:8412]: /usr/bin/dircolors
nov 8 11:47:49 onix snoopy[8418]: [amaya, uid:1000 sid:8412]: ls -F -p -N --color=auto

Combined with logcolorize, it is easy to spot suspicious activity.
It works like a charm, but the logs grow at an impressive rate :-)

--
Open your mind, and your ass will follow - Michael Balzary, aka Flea, RHCP

Amaya Rodrigo Sastre www.andago.com Sta Engracia, 54 28010 Madrid
BOFH-dev && CVS Evangelist Tfn: 912041124 Fax: 912041111
Listening to: %s
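
Added example, not part of the original message and not Snoopy's own code: a small parser for the snoopy record format shown in the log excerpt above, flagging the patterns an admin would review (a uid change inside one session, root commands under a non-root login name, and records with no login name). The finding labels and function names are hypothetical; the sample lines are copied from the excerpt.

```python
import re
from collections import defaultdict

# Sample lines copied from the auth.log excerpt in the message above.
SAMPLE = """\
nov 8 11:46:14 onix snoopy[8399]: [amaya, uid:1000 sid:7614]: vi ChangeLog
nov 8 11:47:17 onix snoopy[8400]: [amaya, uid:1000 sid:7614]: su -
Nov 8 11:47:19 onix su[8400]: + pts/1 amaya-root
nov 8 11:47:19 onix snoopy[8400]: [amaya, uid:0 sid:7614]: -su
Nov 8 11:47:19 onix snoopy[8401]: [amaya, uid:0 sid:7614]: fortune -a
Nov 8 11:47:27 onix snoopy[8407]: [amaya, uid:0 sid:7614]: tail -f /var/log/auth.log
nov 8 11:47:42 onix snoopy[8409]: [(null), uid:1000 sid:8409]: gnome-terminal --use-factory --start-factory-server
nov 8 11:47:49 onix snoopy[8418]: [amaya, uid:1000 sid:8412]: ls -F -p -N --color=auto
"""

# timestamp host snoopy[pid]: [login, uid:N sid:N]: command
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<host>\S+)\s+snoopy\[(?P<pid>\d+)\]:\s+"
    r"\[(?P<login>[^,]+),\s+uid:(?P<uid>\d+)\s+sid:(?P<sid>\d+)\]:\s+(?P<cmd>.*)$"
)

def parse(text):
    """Yield one dict per snoopy record; other lines (su, PAM) are skipped."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["uid"], rec["sid"] = int(rec["uid"]), int(rec["sid"])
            yield rec

def findings(text):
    """Return (kind, record) pairs worth a second look."""
    out, seen_uids = [], defaultdict(set)
    for rec in parse(text):
        uids = seen_uids[rec["sid"]]
        if uids and rec["uid"] not in uids:
            out.append(("uid-change", rec))    # same session, new uid (e.g. su)
        uids.add(rec["uid"])
        if rec["uid"] == 0 and rec["login"] != "root":
            out.append(("root-as-user", rec))  # root command under a user login
        if rec["login"] == "(null)":
            out.append(("no-login", rec))      # no login name was resolved
    return out

if __name__ == "__main__":
    for kind, rec in findings(SAMPLE):
        print(f'{kind:13} {rec["ts"]} sid={rec["sid"]} uid={rec["uid"]} {rec["cmd"]}')
```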