I have a closed source program which calls server over SSH and executes a set of commands.
Could you tell me how can I log all commands?
My server is under Ubuntu.
3 Answers
Snoopy can be used to log all commands ran on a system. Logs will be sent to syslog.
Without knowing exactly how it's doing it's thing, there's no one answer that I can give. However, a few possibilities:
- It uses keys for authentication, and runs a command it passes at login: This is easy. Add a
command=to the entry in~/.ssh/authorized_keysthat calls a script that logs the command it runs, and then just execs the command. Transparent, simple. - It uses keys for authentication, runs a shell, and stuffs commands down the shell: Harder, but still straightforward. Again,
command=in~/.ssh/authorized_keysto run a shell of your choosing, which could be something like sudoshell or something else that logs all commands (for super bonus trickery, you could even usescriptfor full replayability). - It uses passwords: No
command=trickery allowed here, you're going to have to go the whole hog and use something like snoopy to log everything that happens -- but unless this program is the only thing using SSH, you'll likely end up with a lot of logs.
-
the program can use key based auth. do you have script sample to log calls? thank youuser349302– user3493022011-07-05 00:11:55 +00:00Commented Jul 5, 2011 at 0:11
If the close source program allows you to edit remote SSH parameters or you can put the commands into a shell script, you can wrap your execution around the "script" command on the remote server like this:
ssh 192.168.15.200 'script ps.log -c "ps -ef"'
In this case, the output of ps -ef is saved into the file ps.log
auditd