Skip to main content

Audit and Send User commands to Syslog in Linux

It is important to monitor every command a system admin or operator executed on the servers. Additionally logging the changes made to systems are required to comply with information security legislation like ISO 27001.

In Linux, it can be possible using a simple function. Once you have a remote Rsyslog Server configured, append the following function and trap to /etc/profile file. /etc/profile file is sourced when a shell login occurs. So every time a command is executed, trap named trap_cmd_to_syslog calls the send_cmd_to_syslog function.

${remote_host} is extracted from the $(who am i) command. $BASH_COMMAND is the command currently being executed or about to be executed.


Etiketler:

Comments

Post a Comment

Popular posts from this blog

Creating Multiple VLANs over Bonding Interfaces with Proper Routing on a Centos Linux Host

In this post, I am going to explain configuring multiple VLANs on a bond interface. First and foremost, I would like to describe the environment and give details of the infrastructure. The server has 4 Ethernet links to a layer 3 switch with names: enp3s0f0, enp3s0f1, enp4s0f0, enp4s0f1 There are two bond interfaces both configured as active-backup bond0, bond1 enp4s0f0 and enp4s0f1 interfaces are bonded as bond0. Bond0 is for making ssh connections and management only so corresponding switch ports are not configured in trunk mode. enp3s0f0 and enp3s0f1 interfaces are bonded as bond1. Bond1 is for data and corresponding switch ports are configured in trunk mode. Bond0 is the default gateway for the server and has IP address 10.1.10.11 Bond1 has three subinterfaces with VLAN 4, 36, 41. IP addresses are 10.1.3.11, 10.1.35.11, 10.1.40.11 respectively. Proper communication with other servers on the network we should use routing tables. There are three
Post a Comment
Read more

PowerShell Script for Switching Between Multiple Windows

Windows PowerShell has strong capabilities. I have a separate computer with a big lcd screen in which I am watching regularly some web based monitoring applications. So I need those application windows switch between on a timely basis. Then I wrote this simple powershell script to achieve this. You can change it according to your needs.
2 comments
Read more