logging all activity?
Matt Johnston
matt at ucc.asn.au
Mon Aug 7 21:40:47 WST 2006
On Mon, Aug 07, 2006 at 09:17:15AM -0400, Paul Fox wrote:
> hi -- is there a relatively painless way to cause the dropbear
> server to log all remote command executions? i only need this
> for debugging -- i want to see all instances where a client has
> run "ssh myhost some command", or has run scp to copy files to or
> from myhost. i don't need interactive session logging.
>
> a quick perusal of the docs didn't turn up anything obvious.
There's no builtin way, though you could modify a shell
login file (.zshenv for zsh, not sure about others) to log
the commands, since all commands are actually run as
'sh -c "some command"'.
The attached patch will work if you don't mind recompiling.
Matt
--- options.h c365717890e92696dd8e3f5821531993ec37ff35
+++ options.h 5b1911f76acd50bba2503c24654c9194299cb022
@@ -199,8 +199,10 @@ etc) slower (perhaps by 50%). Recommende
* not using the Dropbear client, you'll need to change it */
#define _PATH_SSH_PROGRAM "/usr/bin/dbclient"
-/* Multi-purpose binary configuration has now moved. Look at the top
- * of the Makefile for instructions, or INSTALL */
+/* Whether to log commands executed by a client. This only logs the
+ * (single) command sent to the server, not what a user did in a
+ * shell/sftp session etc. */
+#define LOG_COMMANDS
/*******************************************************************
* You shouldn't edit below here unless you know you need to.
============================================================
--- svr-chansession.c d64917b0372fdb027e8704c9504cc4c2ed787398
+++ svr-chansession.c a89352777afb63df597fa6790c6c079fbbb67737
@@ -588,6 +588,16 @@ static int sessioncommand(struct Channel
}
}
+#ifdef LOG_COMMANDS
+ if (chansess->cmd) {
+ dropbear_log(LOG_INFO, "user %s executing '%s'",
+ ses.authstate.printableuser, chansess->cmd);
+ } else {
+ dropbear_log(LOG_INFO, "user %s executing login shell",
+ ses.authstate.printableuser);
+ }
+#endif
+
if (chansess->term == NULL) {
/* no pty */
ret = noptycommand(channel, chansess);
More information about the Dropbear
mailing list