‘script’ing the login
Ever want to capture and record everything done on the command line from a ssh login without (a) the user knowing it and (b) them having to do anything to start the recording?
become root, then execute these commands:
mkdir /var/log/script
chmod 733 /var/log/script
Then, for each user you want to record:
echo -e '\n/usr/bin/script -aqf /var/log/script/$( date +%F-%H-%M-%S )-$( whoami ); exit' > /home/<user>/.profile
(You can also add that to the end of the /etc/skel/.profile so that all new accounts have that line.)
The recordings of their sessions will be in /var/log/script
Enjoy!
Leave a Comment