Terminal input output logger / Teminal recording

Logging terminal input and output
------------------------------------------

After a lot of googling I found a tool that can log all input and output of terminal in Unix system

The tool is rootsh and its not only used for logging but also used for root login for normal users using sudo.

So that the command entered by the user will be logged in a file as well as on syslog

We can make rootsh as a shell , So that all the activity by that particular user will be logged

The tool is released under GNU Open source license

You can download the tool from

http://sourceforge.net/projects/rootsh/

I made a modified copy of mine on
https://sites.google.com/site/ansilh/rootsh

The tool will log username,commands and its output in a file -- But no client IP
The command can be started as a shell -But it will take the default shell

I made some modification on this and it's working perfectly on my Linux machine
The link here

https://sites.google.com/site/ansilh/rootsh/rootsh-1.5.3-final.tar.gz

The extra modules I added are here
username.c --->This will challenge the user to enter actual name of user and
purpose of login
https://sites.google.com/site/ansilh/rootsh/username.c

readconf.c ----->This will read configuration file /etc/rootsh.conf
format of the file will be

:
e.g
ansil:/bin/bash

do not add space on end of the line (need some code changes)
https://sites.google.com/site/ansilh/rootsh/readconf.c

Keep an eye on here ..more to come like remote logging with TLS security on a separate file for a separate action

Comments

  1. AnonymousOctober 8, 2013 at 10:24 AM

    I have a code which is user interactive, so i need to log just the input only so that i can create input file to the code later..

    thanks

    ReplyDelete
    Replies
    1. AnsilOctober 10, 2013 at 2:45 AM

      Hi,
      You meant to say , you already have code that will record only input of user ?
      Would you like to share it ?
      you already incorporated in "rootsh" source code ?

      Delete

Post a Comment

Popular posts from this blog

How to Configure YUM in RHEL6

Easy way to create your own repo 1. Put your RHEL6 media on DVD drive 2. Create a partition with size 6GB and mount it as /yum 3. Download the below script to /yum https://sites.google.com/site/ansilh/rhel6_repo.sh 4. Give execute permission to the downloaded script 5. Please open the file and try to understand it. If you found all safe ,then go to next step 6. Execute it...You will get an RHEL repo accessible through ftp ***Please feel free to comment your experience *** ======================================= Manual Steps (*Different approach from above script .The repo file not look like usual one) YouTube Link : http://www.youtube.com/watch?v=scBtTTwLze0   1.create a directory to store packages .(Better you create a partition with 5GB size and mount it as /YUM) mkdir /YUM 2.mount RHEL6 DVD mount /dev/dvd /mnt 3.go to the mounted directory cd /mnt/Packages/ 4.copy all contents of DVD to /YUM (Note the "." in command ) cp . /YUM/ 5.Install create...
Read more

How to Configure Squid with Mysql DB authentication

Download squid source from http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE24.tar.gz Copy the downloaded file to /tmp Tar –zxvf squid-3.0.STABLE24.tar.gz Cd squid-3.0.STABLE24 ./configure --enable-basic-auth-helpers=DB make make install Download Current Mysql5.1 Source RPM from http://dev.mysql.com/get/Downloads/MySQL-5.1/MySQL-5.1.44-1.glibc23.src.rpm/from/ftp://mirror.anl.gov/pub/mysql/ Copy MySQL-5.1.44-1.glibc23.src.rpm /tmp Rpm –ivh MySQL-5.1.44-1.glibc23.src.rpm Cd /usr/src/redhat/SPEC Rpmbuid –bb mysql-5.1.44.spec After compilation the RPM files will be in /usr/src/redhat/`uname –m`/RPMS Cd /usr/src/redhat/`uname –m`/RPMS Rpm –ivh MySQL-server-5.1.44-1.glibc23.ia64.rpm The service will start automatically after installation Here we are using Default Mysql database engine MyISAM (Non transactional Engine) In a large application Database we will use Engine INNODB (Transactional engine).It has many configurable options to get mysql to work efficiently with maximum perf...
Read more

HMC vtmenu exit

You can exit the cosole of an LPAR ,that has been taken using HMC vtmenu ,by typing "~." (press dot key after tild without qoutes ) If you had taken HMC vtmenu using SSH ,your ssh connection to HMC will alse loses.
Read more