Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: AW: Logging of interactive / batch shell inputs / outputs

from ["Tobias Schöffel"] Network Security [Permanent Link]
Subject: Re: AW: Logging of interactive / batch shell inputs / outputs
Date: Wed, 18 Jan 2006 14:52:27 +0100 (MET) 
Hi,

thank you for the reply, Jörg.

The problem is, that there a half a dozen of differenst shells on each
Release of an OS.
We've got lots of different OS-Releases, a minimum of 10, I guess.
To compile over 50 different Shells with a loggerpatch (which is perhaps not
availible for every single kind of shell) is abundant unpractical for us,
not to talk about the support question.
For scp and sftp, this would be also no solution, wouldn't it be?

Somebody told me, that with an older release of OpenSSH with a specific
value of the "LogLevel"-parameter in "sshd_config", he could have seen
command logs, but he isn't sure...

Greetings, Tobias


--- Ursprüngliche Nachricht ---
Von: jockelp@arcor.de
An: secureshell@securityfocus.com
Kopie: tob_sch@gmx.de
Betreff: AW: Logging of interactive / batch shell inputs / outputs
Datum: Wed, 18 Jan 2006 09:23:28 +0100 (CET)

Hello,

   this is rather a job for the shell than for sshd.
You might use forced commands to execute a specialised logging-shell
instead of standard-user shell.
You have to modify qour shell for logging. 
There's a patch called bashlogger to syslog all history-commands:
http://bugs.gentoo.org/show_bug.cgi?id=91327
http://bugs.gentoo.org/attachment.cgi?id=57967&action=view

There's no ready-to-use solution for all your actions.

Greetings, Jörg


-----Ursprüngliche Nachricht-----
Von: Tob_Sch@gmx.de [mailto:Tob_Sch@gmx.de]
Gesendet: Dienstag, 17. Januar 2006 22:56
An: secureshell@securityfocus.com
Betreff: Logging of interactive / batch shell inputs / outputs


Hi,

we are using OpenSSH 4.2p1 on different OS (AIX, SunOS, HP-UX, Linux).
Are there any hidden or documented sshd_config-parameters to 
explicitly
enable logging into syslog for one, some or all of following actions:

1. interactive shell command inputs made during a ssh-session
2. interactive shell command outputs displayed during a ssh-session
3. batch shell command inputs made during a ssh-session
4. batch shell command outputs displayed during a ssh-session
5. file actions during a scp-session
6. file actions during a sftp-session

Thanks in advance.




-- 
Lust, ein paar Euro nebenbei zu verdienen? Ohne Kosten, ohne Risiko!
Satte Provisionen für GMX Partner: http://www.gmx.net/de/go/partner
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: -N stops ~C, Josh Tolley
Next by Date:  Re: PAM & RSA (SuSE Linux+OpenSSH), Darren Tucker
Previous by Thread:  AW: Logging of interactive / batch shell inputs / outputs, jockelp
Next by Thread:  Alternative logging destination for sshd, Tob_Sch
Indexes:  [Date] [Thread] [Top] [All Lists]