2

Possible Duplicate:
How do I log every command executed by a user?

How can I log SSH activity on 10.04 Ubuntu Server? This includes all commands he issued and output he got.

Michael
  • 397
  • 1
  • 7
  • 14
  • check this out http://serverfault.com/questions/140347/record-everything-on-command-line-centos-fedora-ubuntu – neolix Feb 22 '12 at 07:03
  • Or even better, see this. http://serverfault.com/questions/336217/how-do-i-log-every-command-executed-by-a-user – Zoredache Feb 22 '12 at 08:13

3 Answers3

2

2 options I see for you:

  1. Use rootsh. Rootsh is a wrapper for shells which logs all echoed keystrokes and terminal output to a file and/or to syslog. It's main purpose is the auditing of users who need a shell with root privileges. They start rootsh through the sudo mechanism. This wil not log everything, only what they perform in a root shell.

  2. Use screen. You can force users in a screen-session when they log on to your server, you can then use screen to log everything they type.

But the bottom-line is, if you don't trust a user, don't allow them on your system. No system is bulletproof.

Bart De Vos
  • 17,761
  • 6
  • 62
  • 81
  • I guess `rootsh` is not a good option since they may or may not do actions with root privileges, but I need to know about all actions. For the `screen` I am not sure how to force and will they be aware easily that they are in screen? If you could give some hints on how to force ssh login to enter screen, then I might try experience. Actually it's not about breaking something on my system, just monitoring the job is done properly or not. It's not a security issue, just supervising. – Michael Feb 22 '12 at 08:09
  • The, you should probably have a look at this: http://serverfault.com/a/336234/59789 – Bart De Vos Feb 22 '12 at 08:24
0

Possible screen as shell?

But its hard for be sure, that user cant hack that.

Korjavin Ivan
  • 2,230
  • 2
  • 25
  • 39
0

Add:

LogLevel Debug3

to /etc/ssh/sshd_config and restart.

Note: "Logging with a DEBUG level violates the privacy of users and is not recommended."

dmourati
  • 24,720
  • 2
  • 40
  • 69