logging all activity?

Matt Johnston matt at ucc.asn.au
Mon Aug 7 21:40:47 WST 2006


On Mon, Aug 07, 2006 at 09:17:15AM -0400, Paul Fox wrote:
> hi -- is there a relatively painless way to cause the dropbear
> server to log all remote command executions?  i only need this
> for debugging -- i want to see all instances where a client has
> run "ssh myhost some command", or has run scp to copy files to or
> from myhost.  i don't need interactive session logging.
> 
> a quick perusal of the docs didn't turn up anything obvious.

There's no builtin way, though you could modify a shell
login file (.zshenv for zsh, not sure about others) to log
the commands, since all commands are actually run as 
'sh -c "some command"'.

The attached patch will work if you don't mind recompiling.

Matt


--- options.h	c365717890e92696dd8e3f5821531993ec37ff35
+++ options.h	5b1911f76acd50bba2503c24654c9194299cb022
@@ -199,8 +199,10 @@ etc) slower (perhaps by 50%). Recommende
  * not using the Dropbear client, you'll need to change it */
 #define _PATH_SSH_PROGRAM "/usr/bin/dbclient"
 
-/* Multi-purpose binary configuration has now moved. Look at the top
- * of the Makefile for instructions, or INSTALL */
+/* Whether to log commands executed by a client. This only logs the 
+ * (single) command sent to the server, not what a user did in a 
+ * shell/sftp session etc. */
+#define LOG_COMMANDS
 
 /*******************************************************************
  * You shouldn't edit below here unless you know you need to.
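
Review bot: LOG_COMMANDS is defined unconditionally in options.h, so every build that takes this patch logs client commands. Since the request was for debugging only, consider shipping the define commented out, or stating in the comment that it is on by default. The hunk also deletes the "Multi-purpose binary configuration has now moved" comment, which is unrelated to command logging and should stay.
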
============================================================
--- svr-chansession.c	d64917b0372fdb027e8704c9504cc4c2ed787398
+++ svr-chansession.c	a89352777afb63df597fa6790c6c079fbbb67737
@@ -588,6 +588,16 @@ static int sessioncommand(struct Channel
 		}
 	}
 
+#ifdef LOG_COMMANDS
+	if (chansess->cmd) {
+		dropbear_log(LOG_INFO, "user %s executing '%s'", 
+						ses.authstate.printableuser, chansess->cmd);
+	} else {
+		dropbear_log(LOG_INFO, "user %s executing login shell", 
+						ses.authstate.printableuser);
+	}
+#endif
+
 	if (chansess->term == NULL) {
 		/* no pty */
 		ret = noptycommand(channel, chansess);
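
Review bot: in the `if (chansess->cmd)` branch the client-supplied command string goes into the log line verbatim through '%s'. A command containing newlines, control characters or a single quote can make one entry read as several or blur where the command ends, so escape non-printable bytes before the dropbear_log call unless dropbear_log is known to do that already. Commands can also carry credentials as arguments, which is worth a sentence in the comment next to LOG_COMMANDS so the log gets restricted read access.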

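The login-file approach mentioned in the reply, as an added example that is not part of the original message or of Dropbear: a `.zshenv` fragment that logs the string passed to `zsh -c`. The log path and function names are hypothetical, and it assumes a zsh release that sets `ZSH_EXECUTION_STRING`.

```shell
# Added example for ~/.zshenv (zsh reads this file on every invocation,
# including "zsh -c 'some command'").
# Assumptions: the log path is hypothetical, and ZSH_EXECUTION_STRING
# (the argument given to -c) is provided by the installed zsh.

REMOTE_CMD_LOG="${REMOTE_CMD_LOG:-$HOME/.remote-commands.log}"

# Replace every byte outside printable ASCII with '?', so a command that
# contains newlines or escape sequences still yields exactly one log line.
sanitize_command() {
    printf '%s' "$1" | LC_ALL=C tr -c '[:print:]' '?'
}

# Append one line: UTC timestamp, user, sanitized command.
log_remote_command() {
    printf '%s user %s executing '\''%s'\''\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "${USER:-unknown}" \
        "$(sanitize_command "$1")" >> "$REMOTE_CMD_LOG"
}

# Only fires for "-c" invocations; interactive logins are left alone.
if [ -n "${ZSH_EXECUTION_STRING-}" ]; then
    log_remote_command "$ZSH_EXECUTION_STRING"
fi
```

Because the file belongs to the account being logged, the user can edit or bypass it, so this suits debugging rather than auditing.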
