Hey;
I have a client who's interested in monitoring access to and activity in sensitive accounts (application admin accounts, root, etc). One idea I had was to put a key logger on a centralized system that'll be used to ssh into these accounts. Googling keylogger keeps popping up lkl, though, and that seems to be for the physical keyboard only... and, somewhat suspect even with that. The client has a need to monitor this activity due to HIPAA and PCI rules/regs. Requiring sudo for every command is an ugly option as it's straight single factor authentication and really limits flexibility on automating tasks.
Does anyone know of a key logger that'll log ptys? Extra helping of eternal gratitude if it can filter logging based on commands entered... (don't really care what user A does on the mgmt server as himself; only care if he accesses oracle@prod_db_server)
Thanks for any hints/tips/suggestions.
Doug
linux based terminal key logger?
Re: linux based terminal key logger?
If they can afford it, this commercial product is good although it may be a bit overkill.
http://www.beyondtrust.com/Products/PowerBrokerUnixLinux/
Re: linux based terminal key logger?
Tridia (http://www.tridia.com/) has a product called DoubleVision Pro (http://www.tridia.com/doublevision/) that we have used on Unix systems for years... for a price...
Re: linux based terminal key logger?
Maybe you can try this keylogger, which is designed for Linux: http://sourceforge.net/projects/lkl/. I can't comment on it, because I haven't used it before.
[Moderator edited to remove a link to a commercial product for Windows systems.]