|
|
@ -10,11 +10,11 @@ Usage |
|
|
----- |
|
|
----- |
|
|
|
|
|
|
|
|
* Record session |
|
|
* Record session |
|
|
``` |
|
|
|
|
|
|
|
|
```bash |
|
|
script -t /tmp/foo/typescript 2> /tmp/foo/timing |
|
|
script -t /tmp/foo/typescript 2> /tmp/foo/timing |
|
|
``` |
|
|
``` |
|
|
* Replay session |
|
|
* Replay session |
|
|
``` |
|
|
|
|
|
|
|
|
```bash |
|
|
scriptreplay -t timing typescript |
|
|
scriptreplay -t timing typescript |
|
|
``` |
|
|
``` |
|
|
|
|
|
|
|
|
@ -125,12 +125,12 @@ The logged information can also be forwarded to secured logging servers using st |
|
|
* helpers/auditshell |
|
|
* helpers/auditshell |
|
|
* helpers/auditshell_create_sessionfiles |
|
|
* helpers/auditshell_create_sessionfiles |
|
|
* Set permission and owner |
|
|
* Set permission and owner |
|
|
``` |
|
|
|
|
|
|
|
|
```bash |
|
|
chown root:root /usr/local/bin/{scriptreplay,auditshell,auditshell_create_sessionfiles} |
|
|
chown root:root /usr/local/bin/{scriptreplay,auditshell,auditshell_create_sessionfiles} |
|
|
chmod 755 /usr/local/bin/{scriptreplay,auditshel,auditshell_create_sessionfiles} |
|
|
chmod 755 /usr/local/bin/{scriptreplay,auditshel,auditshell_create_sessionfiles} |
|
|
``` |
|
|
``` |
|
|
* Patch an install custom "script" implementation |
|
|
* Patch an install custom "script" implementation |
|
|
``` |
|
|
|
|
|
|
|
|
```bash |
|
|
cd helpers/ |
|
|
cd helpers/ |
|
|
git clone git://git.kernel.org/pub/scm/utils/util-linux/util-linux.git |
|
|
git clone git://git.kernel.org/pub/scm/utils/util-linux/util-linux.git |
|
|
cd util-linux.git |
|
|
cd util-linux.git |
|
|
@ -145,7 +145,7 @@ The logged information can also be forwarded to secured logging servers using st |
|
|
* Disable string escaping on system which are using rsyslogd (i.e. Ubuntu systems) |
|
|
* Disable string escaping on system which are using rsyslogd (i.e. Ubuntu systems) |
|
|
* Redirect the auditshell logs to another logfile using syslog configuration |
|
|
* Redirect the auditshell logs to another logfile using syslog configuration |
|
|
* Change shell of user |
|
|
* Change shell of user |
|
|
``` |
|
|
|
|
|
|
|
|
```bash |
|
|
chsh -s /usr/local/bin/auditshell <user> |
|
|
chsh -s /usr/local/bin/auditshell <user> |
|
|
``` |
|
|
``` |
|
|
|
|
|
|
|
|
@ -155,11 +155,11 @@ Watch auditshell sessions |
|
|
|
|
|
|
|
|
* Start session, and execute commands |
|
|
* Start session, and execute commands |
|
|
* Extract session files |
|
|
* Extract session files |
|
|
``` |
|
|
|
|
|
|
|
|
```bash |
|
|
/usr/local/bin/auditshell_create_sessionfiles /var/log/messages /tmp/foo |
|
|
/usr/local/bin/auditshell_create_sessionfiles /var/log/messages /tmp/foo |
|
|
``` |
|
|
``` |
|
|
* Replay session |
|
|
* Replay session |
|
|
``` |
|
|
|
|
|
|
|
|
```bash |
|
|
scriptreplay -t /tmp/foo/2013-09-11_18-47-45.user1.11931.timing /tmp/foo/2013-09-11_18-47-45.user1.11931.typescript |
|
|
scriptreplay -t /tmp/foo/2013-09-11_18-47-45.user1.11931.timing /tmp/foo/2013-09-11_18-47-45.user1.11931.typescript |
|
|
``` |
|
|
``` |
|
|
|
|
|
|
|
|
|
root
12 years ago