Re: [logs] adduser log

From: Bennett Todd (betat_private)
Date: Tue Jan 21 2003 - 09:38:55 PST

  • Next message: Mikael Olsson: "Re: [logs] adduser log"

    2003-01-21T03:44:48 Pinel Pierre-Marc:
    > I need to log the use of the adduser comand on a Red
    > Hat server.
    > Is there any other solution than to modify comand and
    > doing a script than logs an event.
    The easiest solution to implement, especially for a one-off, would
    	mkdir /usr/sbin/_real
    	mv /usr/sbin/adduser /usr/sbin/_real/adduser
    	cat >/usr/sbin/adduser <<-Eof
    		test $# -gt 0 && logger -p -t adduser "$@"
    		exec /usr/sbin/_real/adduser.real ${1+"$@"}
    	chmod 755 /usr/sbin/adduser
    (_real used because /usr/sbin/adduser is a symlink to
    /usr/sbin/useradd, so I fear it might be dispatching on basename $0
    to determine behavior). It might be more complete to wrap useradd
    That's sort of an honor-system logging setup; anybody who knows
    what's been done can hit the original, unwrapped command to bypass
    the logging. To prevent that, just yank normal full root privs from
    the people whose adduser-use you want to log, and give them sudo
    permission to run the wrapper.
    If you've got lots and loads of systems, whatever solution you
    end up liking to implement could be rpmmed, either by re-wrapping
    shadow-utils (the package that owns adduser) or by wrapping an addon
    that depends on shadow-utils, installs the wrapper under a distinct
    name, then does symlink-switching in postinstall and preremove
    Re-wrapping shadow-utils is far cleaner, since that's what you have
    to do to get rpm -V to keep working right. Or, put your wrapper in
    some other directory besides /usr/sbin/, that's earlier on the paths
    of the users whose use you want to log.

    _______________________________________________ LogAnalysis mailing list LogAnalysisat_private

    This archive was generated by hypermail 2b30 : Tue Jan 21 2003 - 10:45:21 PST