Session recording
Bill McGonigle
bill at bfccomputing.com
Mon Mar 31 12:00:22 EDT 2008
> The more I look into this, the more I am realizing that I will need to
> do more then just one thing. I will need to do something at either the
> kernel level or shell level to do keystroke logging and process
> accounting, as well as something like script to get the entire
> session. Then I'll have to have a way to correlate the two for
> auditing.
I ran into this a while back when I was trying to come up with a billing
system that would track my ssh sessions and didn't find a satisfying answer.
My conclusion at the time was that this is a missing kernel feature, or
at least that I didn't understand the API well enough if it's in there.
It would be very useful to have. Come to think of it, there are lots
of opportunities for linux to do more with process handling!
I see you've already found lastcomm and friends, but it would be great
to know what you come up with for a correlation mechanism. Do you need
to defend against potentially malicious users or is this for
auditing/billing purposes? If the latter you might be able to use the
shell prompt for things. But good-luck trying to wrangle the output of
anything that uses termkey or curses!
I'm curious because disk space is cheap, but trying to remember what the
heck I did 9 months ago is expensive, and often futile.
-Bill
More information about the gnhlug-discuss
mailing list