Rootsh is a wrapper for shells that logs all echoed keystrokes and terminal output to a file and/or to syslog. Its main purpose is the auditing of users who need a shell with root privileges. They start rootsh through the sudo mechanism.
Tags: Logging, Shells, Monitoring, Systems Administration
Operating Systems: POSIX, Solaris, Linux, HP-UX, AIX, IRIX, Windows, Cygwin
Release Notes: Mac OS X support was added. Syslogging of the username was added. Examples were added to the INSTALL file. The environment variable ROOTSH_SESSIONID is now set inside a running rootsh. The Irix logdir in configure.in was fixed. A bug that caused a core dump under SunOS 5.9 with the -u option was fixed. A bug that sent an ugly last line to syslog under Linux was fixed.
Release Notes: Support for the SGI Irix operating system was added. The format of syslog messages was slightly changed to be RFC 3164 compliant.
Release Notes: Tamper detection code was added to endlogging(). The deletion of log files during a session is now recognized. A bug that caused random core dumps under HP-UX was fixed. Conditional compilation was implemented in basename.c for Cygwin. Many comments were added to the code.
Release Notes: Some xterm escape sequences could cause empty syslog messages. This was a critical error, since users could hide their actions in a syslog-only environment. This bug in stripesc has been fixed.
Release Notes: For those who want to monitor users as soon as they log into a machine, rootsh can now be used as a login shell in /etc/passwd. For this purpose there is a new option --with-defaultshell= for configuring.