* Bret Lambert <bret.lamb...@gmail.com> [16.09.2013. @13:57:46 +0200]: > On Mon, Sep 16, 2013 at 07:48:14AM -0400, Jiri B wrote: > > On Mon, Sep 16, 2013 at 01:33:33PM +0200, Bret Lambert wrote: > > > On Mon, Sep 16, 2013 at 01:31:58PM +0200, Bret Lambert wrote: > > > > On Mon, Sep 16, 2013 at 07:28:21AM -0400, Jiri B wrote: > > > > > Usual unix process accounting does not take care about commands' args. > > > > > Anyway, you probably won't care about what normal users execute, you > > > > > probably want that only for admins/root. Then I would propose to build > > > > > a server with conserve (console server) which would be used as source > > > > > host to ssh/console to destination servers for admins/root. conserve > > > > > can save sessions in text form, you could have a filter and send it > > > > > via > > > > > syslog/whatever to central logging server. > > > > > > Why make shit more difficult than it need be? From the sudo man page: > > > > > > > > sudo also supports logging a command's input and output streams. > > > > > > Er, I meant to copy > > > > > > sudo can log both successful and unsuccessful attempts > > > > > > I blame the lack of something in my something system. > > > > Yes it would be better to use sudo but some env are setup to allow direct > > login to root :/ > > And the fact that they can do this via sudo should serve as an impetus > for those admins to stop Doing it Wrong(tm). > > I understand that there are exceptions to the "best practices dictate > root-level access through sudo", but the original email that started > this thread seems to indicate that there's a need to keep tabs on some > henchmen/underlings/poorly-trained monkies. That screams "don't give > them direct root logins", to me.
Yes, I was looking for a way to keep track of commands run by different users on the machine, and I was aware that various shells have a HISTFILE. Sorry for not clarifying my intentions in my original post ;-) I will probably turn sudo command logging and turn off root logins, since it seems the most straightforward solution. Thanks for all the replies ;-) -- regards, Wiesław Kielas