Re: rm logging
on Mon, Dec 03, 2001 at 01:37:12AM +0100, Kim De Smaele ([EMAIL PROTECTED]) wrote: > No, I'm running solaris 7 on it. > I'just trying to find out a way to setup a logging for the rm command. > Not for every user on the entire system, just for some users, defined by > default group ( defined in /etc/profile ( ksh )). > > I was told by one of our OVMS admins that there is a logging available on > OVMS. > I 'm more looking for a history of all the times 'rm' is used ( executed by > user or program ). Please fix your quoting style and use postfix (response follows quoted) style. There is a process accounting package which will log use of specific commands under GNU/Linux, though not with the arguments used. See the Debian acct package for more info. The other option is to provide a wrapper (shell or programmatic) around 'rm' which logs invocations, e.g.: #!/bin/sh # define the "real" rm command REALRM= # log data to file logger -f /var/log/cmdlog "$( date ) $USER $*" # run real command on quoted arguments $REALRM $@ Note that it would be trivial for an even slightly experienced user to bypass this facility. Peace. -- Karsten M. Selfhttp://kmself.home.netcom.com/ What part of "Gestalt" don't you understand? Home of the brave http://gestalt-system.sourceforge.net/ Land of the free Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org Geek for Hire http://kmself.home.netcom.com/resume.html pgpt23m3EQOJ1.pgp Description: PGP signature
RE: rm logging
No, I'm running solaris 7 on it. I'just trying to find out a way to setup a logging for the rm command. Not for every user on the entire system, just for some users, defined by default group ( defined in /etc/profile ( ksh )). I was told by one of our OVMS admins that there is a logging available on OVMS. I 'm more looking for a history of all the times 'rm' is used ( executed by user or program ). any ideas? cheers, Kim -Oorspronkelijk bericht- Van: Kirk Strauser [mailto:[EMAIL PROTECTED] Verzonden: vrijdag 30 november 2001 20:17 Aan: debian-user@lists.debian.org Onderwerp: Re: rm logging At 2001-11-30T14:13:05Z, "DE SMAELE Kim (BMB)" <[EMAIL PROTECTED]> writes: > I am trying to setup an remove logging on a few of our sun E10K > development servers. You're running Debian GNU/Linux on an E10K? Not that there's anything wrong with that, but I thought that would be pretty unusual. > Is there any one of you who has an idea howto log every rm command ( not > in the syslog or with the sysdaemon if possible ). What are you trying to accomplish? Do you want to individually record each and every file that gets deleted, by all programs and users, transparently throughout the entire system? Or do you just want a history of all the times you typed 'rm'? Your answer will greatly influence the responses you get. > DISCLAIMER > > "This e-mail and any attachment thereto may contain information which is > confidential and/or protected by intellectual property rights and are > intended for the sole use of the recipient(s) named above. This notice is a little bit goofy when attached to an email to a public mailing list with world-viewable web archives. -- Kirk Strauser -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: rm logging
At 2001-11-30T14:13:05Z, "DE SMAELE Kim (BMB)" <[EMAIL PROTECTED]> writes: > I am trying to setup an remove logging on a few of our sun E10K > development servers. You're running Debian GNU/Linux on an E10K? Not that there's anything wrong with that, but I thought that would be pretty unusual. > Is there any one of you who has an idea howto log every rm command ( not > in the syslog or with the sysdaemon if possible ). What are you trying to accomplish? Do you want to individually record each and every file that gets deleted, by all programs and users, transparently throughout the entire system? Or do you just want a history of all the times you typed 'rm'? Your answer will greatly influence the responses you get. > DISCLAIMER > > "This e-mail and any attachment thereto may contain information which is > confidential and/or protected by intellectual property rights and are > intended for the sole use of the recipient(s) named above. This notice is a little bit goofy when attached to an email to a public mailing list with world-viewable web archives. -- Kirk Strauser
Re: rm logging
On Fri, Nov 30, 2001 at 03:13:05PM +0100, DE SMAELE Kim (BMB) wrote: > I am trying to setup an remove logging on a few of our sun E10K development > servers. > Is there any one of you who has an idea howto log every rm command ( not in > the syslog or with the sysdaemon if possible ). You will have to recompile rm. You'll also almost certainly have to use the syslog, because anything else would require either having a world-writeable log file (rather pointless for this task) or a new setuid/setgid program (bad idea). I can't help thinking you're trying to solve the wrong problem. What happens if somebody uses the unlink() system call, or if somebody just truncates a file to zero length? You can't log everything unless you want to hack the kernel and have a great deal of time to analyse log files. -- Colin Watson [EMAIL PROTECTED]
rm logging
Hi all, I am trying to setup an remove logging on a few of our sun E10K development servers. Is there any one of you who has an idea howto log every rm command ( not in the syslog or with the sysdaemon if possible ). Thanks in advance. Best Regards, Kim De Smaele Proximus Belgacom Mobile IT Infrastructure - Layered Products Solaris system administrator DISCLAIMER "This e-mail and any attachment thereto may contain information which is confidential and/or protected by intellectual property rights and are intended for the sole use of the recipient(s) named above. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by other persons than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone or by e-mail and delete the material from any computer". Thank you for your cooperation. For further information about Proximus mobile phone services please see our website at http://www.proximus.be or refer to any Proximus agent.