Unix keystroke logger

Hi all,

Does anyone know if there is a tool on the market that could do the following when a System Admin logs in to the server as root and performs activities according to his change request:

  • trap or log his keystrokes for the entire duration
  • provide a report on the changes the SA has made to the environment, excluding harmless commands (such as ls, cd, pwd, etc.). If the SA executes a script called "ls", the tool should also list out what the script does and what changes have taken place.

Many thanks.

Hi
You can try using the "script" facility. Please refer to the man page. You can have custom scripts written that could process the files generated by script to filter the information you need.

-Raja
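
A sketch of the kind of post-processing script suggested above, added here as an example and not part of the original post. It assumes a root prompt ending in "# " and takes the harmless list (ls, cd, pwd) from the question; the function names and the sample session are constructed for illustration.

```python
import re

HARMLESS = {"ls", "cd", "pwd"}        # read-only commands named in the question
TOKEN = re.compile(r"\x1b\[[0-9;?]*[A-Za-z]|.", re.S)
PROMPT = re.compile(r"^\S*# (.+)$")   # assumed root prompt, e.g. "host:/tmp# "

# Constructed sample of a typescript file: colour codes, CRLF, one backspace edit.
SAMPLE = (
    "Script started on Mon Jan  1 10:00:00 2024\r\n"
    "\x1b[1mhost:~\x1b[0m# ls -l /etc\r\n"
    "total 4\r\n"
    "host:~# cd /tmp\r\n"
    "host:/tmp# ./ls\r\n"
    "host:/tmp# vi /etc/passx\x08 \x08wd\r\n"
)

def render(raw):
    """Replay one recorded line so backspace edits yield the final text."""
    buf, pos = [], 0
    for tok in TOKEN.findall(raw):
        if tok == "\x1b[K":           # erase to end of line
            del buf[pos:]
        elif tok[0] == "\x1b":        # colours and other escapes: ignore
            continue
        elif tok == "\x08":           # backspace moves the cursor left
            pos = max(0, pos - 1)
        elif tok == "\r":
            pos = 0
        elif tok >= " ":              # printable: overwrite at the cursor
            buf[pos:pos + 1] = [tok]
            pos += 1
    return "".join(buf).rstrip()

def commands(typescript):
    """Return the command lines typed at the assumed prompt, in order."""
    found = (PROMPT.match(render(raw)) for raw in typescript.split("\n"))
    return [m.group(1) for m in found if m]

def report(typescript):
    """Return (command, reason) pairs an auditor should review."""
    findings = []
    for cmd in commands(typescript):
        word = cmd.split()[0]
        if "/" in word and word.rsplit("/", 1)[1] in HARMLESS:
            findings.append((cmd, "path-qualified name matches a harmless command"))
        elif word not in HARMLESS:
            findings.append((cmd, "not on the harmless list"))
    return findings

if __name__ == "__main__":
    for cmd, reason in report(SAMPLE):
        print(f"{cmd!r}: {reason}")
```

A bare `ls` that resolves through PATH to a script looks identical to the real binary in the typescript, so this filter only catches path-qualified invocations such as `./ls`.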

Other commercial products also perform this task - try googling "Privileged Account Management". (I work on one of these products, so I won't mention company names.)
They can provide managed access to root, and will allow full auditing, often including keystroke capture and replay.

I hope this helps.

...and if you don't need to comply with SOX, Basel II, HSPD-12, FFIEC, HIPAA, FERPA, PCI-DSS and you're not in the market for a commercially licensed Privileged Account / Identity / User Management suite you could try 'rootsh' together with remote syslogging. However since root is omnipotent you need to take into account scenarios where logging gets subverted.