This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
Re: Get cmd name out of bash
- From: "Philipp Michael" <Philipp dot Michael at gmx dot net>
- To: systemtap at sources dot redhat dot com
- Date: Tue, 19 Aug 2008 09:32:21 +0200
- Subject: Re: Get cmd name out of bash
> I'm not sure what you are really trying to do, but I'll give this a shot. It probably would help if you would let us know what kernel, architecture, distro, and systemtap version you are using.
Hi, so I'm trying to set up a kind of keylogger. The script should only log the executed inputs in bash, like ls, ..., not the results. Because of a centralized logging structure I want to save this command log file on a syslog-ng server. To import the commands from the script to the syslog daemon I wanted to use a named pipe.
At the moment I use the Fedora 9 Live CD from the systemtap site running as a VM. Kernel 2.6.25.3-18.fc9.i686, Systemtap 0.6.2/0.133. But this is only for testing. Later on the script should run on different SuSE Enterprise Linux 10.x and RHEL 3, 4, 5 distributions... Will I get a problem running different kernel versions?
> There are more problems here though. First, the process.stp tapset is deprecated and is most likely going away. Second, I'm not sure systemtap is really the tool for what you appear to be trying to do. I think what you really might want to do here is enable the kernel's auditing facility, which is already set up to do exec auditing.
>If you want to pursue this further, I'd need a better description of what you are really trying to do.
So what do you mean with kernel exec auditing? The auditd daemon?
greetings
phil