Sanjay Arora
2006-Nov-14 19:03 UTC
[CentOS] OT: Q: Howto implement a monitored Shell for remote logins
I sometimes need to allow sub-contracted admins root ssh access to my servers. Later, I always wonder what they did during access.

Is there any shell that provides all shell abilities to the remote user but monitors/emails a designated user each command executed in the shell terminal and does not allow the user (even root) to modify the bash history file or similar shell history file, or maybe sending each command by email to a remote server, so that modifying history becomes out of question?

Hope someone can help.

With regards.
Sanjay.
Drew Weaver
2006-Nov-14 19:29 UTC
[CentOS] OT: Q: Howto implement a monitored Shell for remote logins
Simply tell them "Do not modify the command history or we won't hire you again."

Pretty non-technical solution to what is a staffing issue.

-Drew

-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Sanjay Arora
Sent: Tuesday, November 14, 2006 2:03 PM
To: CentOS Mailing List
Subject: [CentOS] OT: Q: Howto implement a monitored Shell for remote logins

I sometimes need to allow sub-contracted admins root ssh access to my servers. Later, I always wonder what they did during access.

Is there any shell that provides all shell abilities to the remote user but monitors/emails a designated user each command executed in the shell terminal and does not allow the user (even root) to modify the bash history file or similar shell history file, or maybe sending each command by email to a remote server, so that modifying history becomes out of question?

Hope someone can help.

With regards.
Sanjay.
Will McDonald
2006-Nov-14 20:18 UTC
[CentOS] OT: Q: Howto implement a monitored Shell for remote logins
On 14/11/06, Sanjay Arora <sanjay.k.arora at gmail.com> wrote:
> I sometimes need to allow sub-contracted admins root ssh access to my
> servers. Later, I always wonder what they did during access.
>
> Is there any shell that provides all shell abilities to the remote user
> but monitors/emails a designated user each command executed in the shell
> terminal and does not allow the user (even root) to modify the bash history file or
> similar shell history file, or maybe sending each command by email to a
> remote server, so that modifying history becomes out of question?

If you only allow them to...

$ sudo su -
#

... doesn't sudo then keep track of their actions?

There are other alternatives, sudosh for one.

http://sourceforge.net/projects/sudosh/

I'm pretty certain there are others too, from memory of the last time I looked into shell auditing.

Will.
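What sudo records for the `sudo su -` approach suggested above, as an added example that is not part of the original thread: by default sudo logs the command it launches, so a root shell shows up as one entry and the commands typed inside it do not. The log lines are constructed samples in sudo's syslog format; the SHELLS list and the function names are assumptions.

```python
import re

# sudo's syslog record: "<user> : TTY=... ; PWD=... ; USER=... ; COMMAND=..."
SUDO_RE = re.compile(
    r"sudo(?:\[\d+\])?:\s+(?P<user>\S+)\s+:\s+TTY=(?P<tty>\S+) ; "
    r"PWD=(?P<pwd>.*?) ; USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.*)$"
)

# Programs that hand over an interactive shell (assumed list, extend as needed).
SHELLS = {"su", "sh", "bash", "zsh", "ksh", "csh", "tcsh", "dash"}

# Constructed sample lines, not taken from a real host.
SAMPLE = """\
Nov 14 20:20:11 web01 sudo: contractor : TTY=pts/0 ; PWD=/home/contractor ; USER=root ; COMMAND=/sbin/service httpd restart
Nov 14 20:21:40 web01 sudo: contractor : TTY=pts/0 ; PWD=/home/contractor ; USER=root ; COMMAND=/bin/su -
Nov 14 20:22:05 web01 sshd[2211]: Accepted publickey for contractor from 192.0.2.10 port 50022 ssh2
Nov 14 21:02:17 web01 sudo: contractor : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/bin/bash -c id
"""

def opens_unlogged_shell(cmd):
    """True if the sudo'd command starts an interactive shell whose
    subsequent commands never reach the sudo log."""
    argv = cmd.split()
    if not argv:
        return False
    prog, args = argv[0].rsplit("/", 1)[-1], argv[1:]
    if prog not in SHELLS:
        return False
    # "-c" / "--command" run a single command that is itself in the log line.
    if any(a == "-c" or a.startswith("--command") for a in args):
        return False
    # su takes a target user as a positional argument; any other shell given
    # a positional argument is running a script, not an interactive session.
    return prog == "su" or all(a.startswith("-") for a in args)

def audit(log_text):
    """Return (user, runas, command, unlogged_shell) for every sudo record."""
    out = []
    for line in log_text.splitlines():
        m = SUDO_RE.search(line)
        if m:
            out.append((m["user"], m["runas"], m["cmd"],
                        opens_unlogged_shell(m["cmd"])))
    return out

if __name__ == "__main__":
    for user, runas, cmd, gap in audit(SAMPLE):
        print(("AUDIT GAP " if gap else "logged    ") + f"{user} as {runas}: {cmd}")
```

Entries flagged as a gap mark the points where per-command accountability ends and a session recorder or remote logging has to take over.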
Matty
2006-Nov-14 22:16 UTC
[CentOS] OT: Q: Howto implement a monitored Shell for remote logins
On 11/14/06, Sanjay Arora <sanjay.k.arora at gmail.com> wrote:
> I sometimes need to allow sub-contracted admins root ssh access to my
> servers. Later, I always wonder what they did during access.
>
> Is there any shell that provides all shell abilities to the remote user
> but monitors/emails a designated user each command executed in the shell
> terminal and does not allow the user (even root) to modify the bash history file or
> similar shell history file, or maybe sending each command by email to a
> remote server, so that modifying history becomes out of question?

You could also use the script and ttysnoop utilities to monitor activity.

- Ryan

--
UNIX Administrator
http://prefetch.net
Barry Brimer
2006-Nov-15 03:12 UTC
[CentOS] OT: Q: Howto implement a monitored Shell for remote logins
> Is there any shell that provides all shell abilities to the remote user
> but monitors/emails a designated user each command executed in the shell
> terminal and does not allow the user (even root) to modify the bash history file or
> similar shell history file, or maybe sending each command by email to a
> remote server, so that modifying history becomes out of question?

Enterprise Audit Shell does this. It provides a central facility for logging, which uses a client/server model to transmit logs to the central log server. It is free and open source, however it disappeared not too long ago ... search the list archives for someone who has posted a link to a private copy of it.

Barry