Session recording
Kenny Lussier
klussier at gmail.com
Sun Mar 30 20:24:10 EDT 2008
On Sun, Mar 30, 2008 at 4:39 PM, Ben Scott <dragonhawk at gmail.com> wrote:
>
> You should be able wrap up the login shell in the script(1) command,
> and do it so that the typescript isn't writable by the user, but based
> on messages you've posted, it sounds like that's not really what
> you're after. You're not after the terminal session, per se, you're
> after an audit log of the actions a user takes. That's something
> different. I'd look into process accounting, SELinux, and similar
> stuff. They're implemented at the kernel level, and designed to
> control and/or record events, regardless of whether they come from an
> interactive shell, a shell script, or a "regular program" the user is
> running.
The more I look into this, the more I am realizing that I will need to
do more then just one thing. I will need to do something at either the
kernel level or shell level to do keystroke logging and process
accounting, as well as something like script to get the entire
session. Then I'll have to have a way to correlate the two for
auditing.
It would be nice to be able to do all of this with a single security
package. Even a commercial app would do in most situations that
require this kind of security.
Thanks for all of the input.
C-Ya,
Kenny
More information about the gnhlug-discuss
mailing list