Session log

By F3rg13
In the past it was possible to execute a command string that would cause all activity during a session to be written to a file thus producing what in effect was a log of all activity during a short session (think of it as a command history but showing the results of each command as well).

Wondering if there is an argument to the history command that would capture/display this data or if there is an alternative method for Solaris?

by Jaqui In reply to Session log

In the security settings for Solaris is where you need to work.
This:
http://docs.sun.com/app/docs/doc/816-4557/6maosrjol?q=session+logging&a=view

is the docs about tracking system usage, even including when a user su's to admin.

by Jaqui In reply to

First section of the doc:
What Is Auditing?

Auditing is the collecting of data about the use of system resources. The audit data provides a record of security-related system events. This data can then be used to assign responsibility for actions that take place on a host. Successful auditing starts with two security features: identification and authentication. At each login, after a user supplies a user name and password, a unique audit session ID is generated and associated with the user's process. The audit session ID is inherited by every process that is started during the login session. Even if a user changes identity within a single session, all user actions are tracked with the same audit session ID. For more details about changing identity, see the su(1M) man page.

The auditing service makes the following possible:

* Monitoring security-relevant events that take place on the host
* Recording the events in a network-wide audit trail
* Detecting misuse or unauthorized activity
* Reviewing patterns of access and the access histories of individuals and objects
* Discovering attempts to bypass the protection mechanisms
* Discovering extended use of privilege that occurs when a user changes identity

During system configuration, you preselect which classes of audit records to monitor. You can also fine-tune the degree of auditing that is done for individual users.

After audit data is collected, postselection tools enable you to reduce and examine interesting parts of the audit trail. For example, you can choose to review audit records for individual users or specific groups. You can examine all records for a certain type of event on a specific day. Or, you can select records that were generated at a certain time of day.

Systems that install non-global zones can audit all zones identically from the global zone. These systems can also be configured to collect differe

by F3rg13 In reply to

Actually I found what I needed just after posting the question. I wasn't looking to audit a user per se but just capture the keystrokes for a tester while he wanders through the OS. The answer is the "script" command.

Thanks,

Ferg

by F3rg13 In reply to Session log

This question was closed by the author
