Age | Commit message (Collapse) | Author |
|
|
|
Log command exit to message queue for use by command
logging daemons.
|
|
The concept of logging shell commands through audit subsystem
is not useful because it is too hard to configure, requires special
privledges, doesn't handle background commands, and is missing the
necessary information...
|
|
This is merge of current Debian stable (Lenny) version of Bash
with Vyatta changes.
|
|
Rather than using original patch which did auditing for shell
named aubash, we use it for vbash.
|
|
This is based on earlier (unaccepted) patch to add auditing
support which wasd done by Steve Grubb at Redhat.
This patch depends on audit 1.4 to provide a logging function.
The resulting audit message looks like this:
time->Tue Jan 30 18:23:45 2007
type=USER_CMD msg=audit(1170199425.793:143): user pid=22862 uid=0 auid=0
subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023
msg='cwd=2F726F6F742F7465737420646972 cmd=6C73202D6C (terminal=tty1
res=success)'
Which translates to:
type=USER_CMD msg=audit(01/30/2007 18:23:45.793:143) : user pid=22862 uid=root
auid=root subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023
msg='cwd=/root/test dir cmd=ls -l (terminal=tty1 res=success)'
This patch causes bash to log all command line arguments when the shell
is started as aubash or "bash --audit". The preferred methos is to make a
symlink frp, bash to aubash and then add aubash to /etc/shells. Then you
can change root's shell to aubash.
|
|
and allowed op/cfg/pipe commands, i.e., no more hard-coded policies in bash.
|
|
otherwise => "full").
|
|
|
|
|