konsole session logging

Hi all,

for security reasons, I’d like to use the program script to log all telnet/ssh sessions of all users connected to the server. The log for each session will be stored in a separate file, /var/log/session/`date +%Y_%m_%d_%H_%M`_$USER.log. While thinking about the implementation, I have found 3 main issues:

  1. How to start script autonomously at the beginning of each telnet/ssh session
  2. How to set the log file privileges so that only root has permission to read/modify the log file (the filename is not known before the session is opened)
  3. How to make the ‘exit’ command both stop the logging and close the session (normally 2 exit commands are necessary: one to stop the logging, a second to close the session)

Or is there a better way to log the sessions?

Thanks a lot for any ideas or suggestions

H99

I have put the following lines at the end of /etc/profile:

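FILEDATE=`date +%Y_%m_%d_%H_%M`
script -q /var/log/session/${FILEDATE}_$USER.log   # braces needed: $FILEDATE_ would be read as a different (empty) variable
sudo chown root:root /var/log/session/*.log   # runs once script has ended
sudo chmod 600 /var/log/session/*.log
exit   # closes the login shell, so one 'exit' ends the session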

So I can log sessions from all users now.

There are still 2 things I would like to solve:

  1. Is it possible to avoid entering the root password when sudo is executed the first time?

/etc/sudoers contains:
test1 localhost = NOPASSWD:/bin/chown ,NOPASSWD:/bin/chmod

and system asks for root psw for first sudo… (We trust you have received… etc)

  2. Commands chown and chmod can be used for any file now, which is not safe.
    I tried to define the command parameters in sudoers, but visudo doesn’t like it:

test1 localhost = NOPASSWD:/bin/chown root:users /var/log/session/*.log ,NOPASSWD:/bin/chmod 600 /var/log/session/*.log

What am I doing wrong?

Thanks a lot for response,
H99

Root password can be avoided by deleting default settings in /etc/sudoers:
Defaults targetpw
ALL ALL = (ALL) ALL

For the second problem, I tried to define a command alias, but visudo still complains if there are more parameters:

Cmnd_Alias CHOWN = /bin/chown root:root /var/log/session/*.log

visudo doesn’t like root:root … following syntax was OK:
Cmnd_Alias CHOWN = /bin/chown root /var/log/session/*.log

H99
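
An added example, not part of the thread: a sudoers fragment showing the escaping that visudo expects for root:root, next to a narrower argument pattern. It reuses test1, localhost and /var/log/session from the posts; the alias names and the drop-in file name are assumptions.

```sudoers
# Assumed drop-in file: /etc/sudoers.d/session-log
# Edit it with: visudo -f /etc/sudoers.d/session-log

# Form from the thread that visudo rejects: ':' is unescaped in the arguments.
#   Cmnd_Alias CHOWN = /bin/chown root:root /var/log/session/*.log

# Accepted by visudo: ',', ':', '=' and '\' inside command arguments
# must be written with a leading backslash.
# Still broad: in command arguments '*' is matched against the whole
# argument string and also matches across word boundaries, so this
# pattern does not pin the command to a single file argument.
#   Cmnd_Alias CHOWN = /bin/chown root\:root /var/log/session/*.log

# Narrower: spell out the `date +%Y_%m_%d_%H_%M` layout with
# one-character classes and fix the user name, so no '*' is needed.
Cmnd_Alias SESSION_CHOWN = /bin/chown root\:root /var/log/session/[0-9][0-9][0-9][0-9]_[0-9][0-9]_[0-9][0-9]_[0-9][0-9]_[0-9][0-9]_test1.log
Cmnd_Alias SESSION_CHMOD = /bin/chmod 600 /var/log/session/[0-9][0-9][0-9][0-9]_[0-9][0-9]_[0-9][0-9]_[0-9][0-9]_[0-9][0-9]_test1.log

# Same user and host specification as in the thread, now limited to the
# two aliases above.
test1 localhost = NOPASSWD: SESSION_CHOWN, SESSION_CHMOD
```

With the narrower aliases, the sudo calls in /etc/profile have to name the session's own file, /var/log/session/${FILEDATE}_$USER.log, rather than *.log, because the expanded argument list must match the rule exactly.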