New To Mac-Forums?

Welcome to our community! Join the discussion today by registering your FREE account. If you have any problems with the registration process, please contact us!

Get your questions answered by community gurus Advice and insight from world-class Apple enthusiasts Exclusive access to members-only contests, giveaways and deals

Join today!

 
Start a Discussion
 

Mac-Forums Brief

Subscribe to Mac-Forums Brief to receive special offers from Mac-Forums partners and sponsors

Join the conversation RSS
OS X - Development and Darwin Discussion and questions about development for Mac OS X.

Auto-Logging BASH session quietly


Post Reply New Thread Subscribe

 
Thread Tools
danjmwalker

 
Member Since: Oct 04, 2007
Posts: 1
danjmwalker is on a distinguished road

danjmwalker is offline
hey all,

I have something I've been working on w/ relative success, but could use more skilled eyes on the project to get to where I'd really like to see this go.

I've built an administration server w/ Mac OS X Server and I'm running an SSH server that is to be used by engineers to gain access to client networks. my objective is to log all sessions for future audits.

at the moment I'm using the BASH History feature to record all commands in a session to a unique file per session. I've done this by modifying the HISTFILE in the default BASH profile as follows:


# SYSTEM WIDE BASH PROFILE - AUTHOR DW

# PATH INCLUDES DIRECTORY /SW FOR APPS PORTED BY FINK

PATH="/bin:/sbin:/usr/bin:/usr/sbin:/sw/bin"
export PATH

# ACCOUNTING OF TERMINAL SESSION TO /ACCOUNTING DIRECTORY
# SESSION NAME REFLECTS DATE TIME AND USER OF SESSION

export HISTFILE=/Accounting/$(date +"%b%d_%Y"_%H:%M:%S)_$USER

# ALIAS

alias ls="ls -l"
alias show="more"

# BASH CHECK

if [ "${BASH-no}" != "no" ]; then
[ -r /etc/bashrc ] && . /etc/bashrc

fi

# SESSION PROMPT
# PROMPT REFLECTS USER AT SERVER ACTIVE TIME AND COMMAND SEQUENCE NUMBER

PS1="\u@\h \t [\#]#"
PS2=" > "

# END


this does a solid job of logging commands similar to the logs I get from Cisco's Access Control Server (ACS), however, during my trials I stumbled across the SCRIPT command, which records everything that comes across the screen. I like the idea of having the results along w/ the commands to better track the actions of the engineers.

The problem I have with SCRIPT is two fold, First, it announces itself at the start of a new session and even gives away the location. Ex:

Last login: Thu Oct 4 13:53:09 2007 from [WRK_IP]

********************** WARNING ******************************
This is a restricted system.
Unauthorized access to this system is strictly prohibited.
If you do not have proper authorization, log out immediately.
Use of this computer system, authorized or unauthorized,
constitutes consent to monitoring of your activities on this
system. Unauthorized use may subject you to criminal prosecution.
Evidence of unauthorized use collected during monitoring may be
used for administrative, criminal or other adverse action.
************************************************** ***********

Script started, output file is /Accounting/[SRV_NAME]@14:00:43_Oct04_2007


I've found an man writeup of a version that includes a QUIET tag, -q, but the version native to Mac OS X doesn't have this option.

Second, the script runs at the start of opening a new BASH session, but exits back into the BASH session, instead of closing the connection. I need the session to close entirely once logging has stopped. Also, the SCRIPT session doesn't use the prompt settings in the BASH profile.

I'm open to scrapping both approaches if anyone has a better method.

Thanks.
Dan


danjmwalker.net
QUOTE Thanks

Post Reply New Thread Subscribe


« Boost and XCODE | languages in xCode »
Thread Tools

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off
Forum Jump

All times are GMT -4. The time now is 07:38 AM.

Powered by vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
X

Welcome to Mac-Forums.com

Create your username to jump into the discussion!

New members like you have made this community the ultimate source for your Mac since 2003!


(4 digit year)

Already a member?