all the command he types will be in /var/log/message Jai
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jai Kumar Shinde Sent: Tuesday, March 05, 2002 7:20 PM To: Darshan; [EMAIL PROTECTED] Subject: RE: [LIH] monitoring user Hi, Well, Download the tar file BASH 2.03, patch it will below lines NOTE: below concept works with BASH 2.03 #tar -zxvf bash-2.03.tar.gz # cd bash-2.03 # patch -p0 < patchfile.txt #make # don't do make install Then edit the file vi /etc/passwd file : change the path of bash Before Editing: xyx:x:200:200:xyx:/home/xyx:/bin/bash After Editing: xyx:x:200:200:xyx:/home/xyx:/<home>/bin/bash Jai ---- cut here --- *** ./lib/readline/history.c.ORIG Mon Jan 1 00:53:55 2001 --- ./lib/readline/history.c Mon Jan 1 02:03:54 2001 *************** *** 30,35 **** --- 30,36 ---- #endif #include <stdio.h> + #include <syslog.h> #if defined (HAVE_STDLIB_H) # include <stdlib.h> *************** *** 216,225 **** /* Place STRING at the end of the history list. The data field is set to NULL. */ void ! add_history (string) char *string; { HIST_ENTRY *temp; if (history_stifled && (history_length == max_input_history)) { --- 217,241 ---- /* Place STRING at the end of the history list. The data field is set to NULL. */ void ! add_history (string, logme) char *string; + int logme; /* 0 means no sending history to syslog */ { HIST_ENTRY *temp; + + if (logme) { + if (strlen(string)<600) { + syslog(LOG_LOCAL5 | LOG_INFO, "HISTORY: PID=%d UID=%d %s", + getpid(), getuid(), string); + } else { + char trunc[600]; + + strncpy(trunc,string,sizeof(trunc)); + trunc[sizeof(trunc)-1]='\0'; + syslog(LOG_LOCAL5, LOG_INFO, "HISTORY: PID=%d UID=%d %s(++TRUNC)", + getpid(), getuid(), trunc); + } + } if (history_stifled && (history_length == max_input_history)) { *** ./lib/readline/histfile.c.ORIG Mon Jan 1 01:02:58 2001 --- ./lib/readline/histfile.c Mon Jan 1 01:05:25 2001 *************** *** 200,206 **** buffer[line_end] = '\0'; if (buffer[line_start]) ! add_history (buffer + line_start); current_line++; --- 200,207 ---- buffer[line_end] = '\0'; if (buffer[line_start]) ! /* Ant: new 2nd arg means skip syslog */ ! add_history (buffer + line_start, 0); current_line++; *** ./lib/readline/histexpand.c.ORIG Mon Jan 1 01:03:20 2001 --- ./lib/readline/histexpand.c Mon Jan 1 01:04:23 2001 *************** *** 1040,1046 **** if (only_printing) { ! add_history (result); return (2); } --- 1040,1046 ---- if (only_printing) { ! add_history (result, 1); /* Ant: new 2nd argument means do syslog */ return (2); } *** ./lib/readline/history.h.ORIG Mon Jan 1 01:13:54 2001 --- ./lib/readline/history.h Mon Jan 1 01:14:42 2001 *************** *** 80,86 **** /* Place STRING at the end of the history list. The associated data field (if any) is set to NULL. */ ! extern void add_history __P((char *)); /* A reasonably useless function, only here for completeness. WHICH is the magic number that tells us which element to delete. The --- 80,86 ---- /* Place STRING at the end of the history list. The associated data field (if any) is set to NULL. */ ! extern void add_history __P((char *, int)); /* Ant added arg */ /* A reasonably useless function, only here for completeness. WHICH is the magic number that tells us which element to delete. The *** ./bashhist.c.ORIG Mon Jan 1 01:15:51 2001 --- ./bashhist.c Mon Jan 1 01:16:53 2001 *************** *** 565,571 **** if (add_it) { hist_last_line_added = 1; ! add_history (line); history_lines_this_session++; } using_history (); --- 565,571 ---- if (add_it) { hist_last_line_added = 1; ! add_history (line, 1); history_lines_this_session++; } using_history (); ------- end ---------- -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Darshan Sent: Sunday, March 03, 2002 1:08 PM To: [EMAIL PROTECTED] Subject: [LIH] monitoring user Hello, I intend to monitor or read logs on what a particular user did on my system. Mine is a simple single workstation. I am the owner and superuser. I have allowed a single person to use my computer as a "user". Is there any way, i can find out what that "user" did on my computer while i was away, just by going through some log file? Please reply. Thanks Darshan _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
