On Mon, May 26, 2003 at 08:27:07PM -0400, Craig Holmes wrote: > > There is a patch for bash which makes bash logs everything > > that is typed (I don't remember the url, search for bash+logging+patch). > I have written a very basic patch for bash 2.05b which logs everything which > would normally be written to your .bash_history file to a single remote file > (No matter what a person does the master file is still written too). It is > pretty rough and I used it only briefly in a honeypot exercise, though you > may find it usefull. > http://gearbox.gearbolt.net/files/patches/bash-masterhist.diff
There is a program called snoopy too: http://sourceforge.net/projects/snoopylogger/ It logs all execve() calls to syslog. It's installed in /etc/ld.so.preload so it only works with dynamically linked programs, but most are. -- Anders Gustafsson - [EMAIL PROTECTED] - http://0x63.nu/
