Linked by Thom Holwerda on Thu 4th Sep 2008 16:52 UTC, submitted by BlueVoodoo
Over at one of IBM's many developer websites, there's an article on new features of the Korn Shell. "New features of the Korn Shell provide system administrators and management with the ability to monitor, track, record, and audit every command executed by any user of a system. This is different from the normal shell history, and provides detailed information that includes date, time, tty, user, and the command. This information can be stored locally or transmitted in real time to a remote logging system."
Thread beginning with comment 329378
To read all comments associated with this story, please click here.
To read all comments associated with this story, please click here.
Member since:
2006-09-12
Pretty great feature to be sure, and long overdue. However it's not exactly a watertight solution. It's better than nothing, but I think it would not be difficult to get around this logging, starting with firing up a different shell, or masking your commands by running them in a script.
At one time a truly excellent solution for shell auditing was the OSS project Enterprise Audit Shell, but unfortunately that project was quickly shut down when the source code was bought by some company that turned it into a commercial product.
I've always thought that taking up the last version of the source that was released and running w/it would be a great OSS project to get involved with, but I have no time for it.