forked from jpschewe/rootsh
rootsh Installation Instructions:
coming soon: http://people.consol.de/~lausser/rootsh
Step 1. Decide if you want to have your logfiles in a non-standard place.
Logfiles with names like <user>.<date><time>.<process id>
will be written here, one for each rootsh session.
The users' input and output will be copied into these files.
I recommend going with the default settings. This will be
/var/log/rootsh, /var/adm/rootsh, ...
according to your operating system.
Step 2. Decide if you want to disable syslog.
By default all of the logged input and output will be
sent to the syslog daemon. If you don't trust your
rootsh users you can have syslogd send your logging data
to another host, where it cannot be manipulated.
In any case the logged input and output will be written
into logfiles.
Step 3. Decide if you want to change syslog priority.
By default all syslog messages use level "local5" and
facility "notice". If you don't like this, you can use
whatever you want.
Be sure you edit your /etc/syslog.conf and make an entry
for your priority, either "local5.notice" or your own.
Step 4. Decide if you want to turn off syslog line numbering
By default every syslog line is prepended by a 3-digit counter
and a colon. If you are in doubt whether messages were lost on
their way to the syslog server, you can examine the counter's
column. The numbers should be ascending from 000 to 100 and
then again start at 000.
Look at the bottom of this file for an example.
Step 5. Decide if you want to turn off writing the username into
every syslog line.
By default every syslog line is prepended by the username of
the calling user. This is for your convenience, if you have
a quick glance at the logfile. If you think this makes your
logfile less readable, disable it. You still can take the
session-id which prepends the line and find the first line
with this id which announces the logging of a new session.
This line also contains the username.
Look at the bottom of this file for an example.
Step 6. Configure your installation
There are 6 options to configure rootsh.
--disable-logfile
Using this option will turn off logging to a local logfile.
If you disable logfiles, you _must not_ also disable syslog.
By default logfiles are turned on.
If you plan to use rootsh as command line interpreter with logging
for some users (7th field in /etc/passwd), you must disable logfiles.
This is because rootsh will be run with user privileges.
--with-logdir=LOGDIR
Using this option will change the default directory for your
logfiles.
--disable-syslog
Using this option will turn off logging to syslog. You still
have logfiles, but they could be manipulated by rootsh users.
By default syslog is turned on.
--enable-syslog=LEVEL.FACILITY
Using this option will allow you to change the default
priority "local5.notice":
--disable-linenumbering
Using this option will turn off prepending the syslog lines
with a line counter.
--disable-syslog-username
Using this option will turn off prepending the syslog lines
with the username.
--with-defaultshell
If rootsh is a user's login shell from the 7th field in /etc/passwd
there has to be a real command line interpreting shell which will
be executed. You can override the default selection (mostly /bin/sh)
with your own preferred shell.
By calling the binary with the "-V" or "--version" option
you can later see how these options were used.
Step 7. Build the binaries.
This is the easy part, type "make".
It worked for me on Linux 2.4, SunOS5.9, HP-UX11.11, AIX 5,
FreeBSD 5.2.1 and IRIX 6.5
Step 8. Install the components.
Type "make install".
This will install your rootsh binary.
Step 9. Grant a user the right to use rootsh
Make an entry in your /etc/sudoers and give the user the right
to execute the rootsh binary.
By typing "sudo rootsh" he will get a root shell and you can
watch his steps or read later what he has done.
Some remarks:
I had two warnings on AIX with gcc-2.95
/usr/include/time.h:236: warning: `struct sigevent' declared
inside parameter list
rootsh.c:258: warning: implicit declaration of function `snprintf'
which disappeared when I used the native compiler.
Maybe a newer gcc also helps. (-std=c99 produced even more warnings)
Some examples:
default syslog behaviour:
Mar 24 13:44:38 srv1 rootsh[062fd]: user1234=root,/dev/pts/10: logging new session (rootsh[062fd]) to /var/log/rootsh/user1234.20050324134426.062fd
Mar 24 13:44:39 srv1 rootsh[062fd]: user1234: 000: srv1:/home/user1234/rootsh-1.5.2 # cd /etc
Mar 24 13:44:41 srv1 rootsh[062fd]: user1234: 001: srv1:/etc # pwd
Mar 24 13:44:11 srv1 rootsh[062fd]: user1234: 002: /etc
Mar 24 13:44:42 srv1 rootsh[062fd]: user1234: 003: srv1:/etc # exit
Mar 24 13:44:42 srv1 rootsh[062fd]: user1234: 004: exit
Mar 24 13:44:42 srv1 rootsh[062fd]: user1234: 005: *** rootsh session ended by user
Mar 24 13:44:42 srv1 rootsh[062fd]: user1234: 006:
Mar 24 13:44:42 srv1 rootsh[062fd]: user1234,/dev/pts/10: closing rootsh session (rootsh[062fd])
with --disable-linenumbering:
Mar 24 13:56:27 srv1 rootsh[06208]: user1234=root,/dev/pts/10: logging new session (rootsh[06208]) to /var/log/rootsh/user1234.20050324135626.06208
Mar 24 13:56:29 srv1 rootsh[06208]: user1234: srv1:/home/user1234 # cd /etc
Mar 24 13:56:31 srv1 rootsh[06208]: user1234: srv1:/etc # pwd
Mar 24 13:56:31 srv1 rootsh[06208]: user1234: /etc
Mar 24 13:56:32 srv1 rootsh[06208]: user1234: srv1:/etc # exit
Mar 24 13:56:32 srv1 rootsh[06208]: user1234: exit
Mar 24 13:56:32 srv1 rootsh[06208]: user1234: *** rootsh session ended by user
Mar 24 13:56:32 srv1 rootsh[06208]: user1234:
Mar 24 13:56:32 srv1 rootsh[06208]: user1234,/dev/pts/10: closing rootsh session (rootsh[06208])
with --disable-syslog-username:
Mar 24 13:58:21 srv1 rootsh[0621a]: user1234=root,/dev/pts/10: logging new session (rootsh[0621a]) to /var/log/rootsh/user1234.20050324135626.0621a
Mar 24 13:58:21 srv1 rootsh[0621a]: 000: srv1:/home/user1234 # cd /etc
Mar 24 13:58:34 srv1 rootsh[0621a]: 001: srv1:/etc # pwd
Mar 24 13:58:34 srv1 rootsh[0621a]: 002: /etc
Mar 24 13:58:35 srv1 rootsh[0621a]: 003: srv1:/etc # exit
Mar 24 13:58:35 srv1 rootsh[0621a]: 004: exit
Mar 24 13:58:35 srv1 rootsh[0621a]: 005: *** rootsh session ended by user
Mar 24 13:58:35 srv1 rootsh[0621a]: 006:
Mar 24 13:58:35 srv1 rootsh[0621a]: user1234,/dev/pts/10: closing rootsh session (rootsh[0621a])
with --disable-syslog-username --disable-linenumbering:
Mar 24 14:03:17 srv1 rootsh[06220]: user1234=root,/dev/pts/10: logging new session (rootsh[06220]) to /var/log/rootsh/user1234.20050324130326.06220
Mar 24 14:03:19 srv1 rootsh[06220]: srv1:/home/user1234 # cd /etc
Mar 24 14:03:21 srv1 rootsh[06220]: srv1:/etc # pwd
Mar 24 14:03:21 srv1 rootsh[06220]: /etc
Mar 24 14:03:22 srv1 rootsh[06220]: srv1:/etc # exit
Mar 24 14:03:22 srv1 rootsh[06220]: exit
Mar 24 14:03:22 srv1 rootsh[06220]: *** rootsh session ended by user
Mar 24 14:03:22 srv1 rootsh[06220]:
Mar 24 14:03:22 srv1 rootsh[06220]: user1234,/dev/pts/10: closing rootsh session (rootsh[06220])
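Added example (not part of the rootsh distribution): a checker for the counter column from Step 4 and the session-id correlation from Step 5, run on the log server over lines in the formats shown above. The function name audit() and the wrap_after parameter are assumptions of this example; wrap_after=100 follows the "000 to 100" wording in Step 4, and the sample lines are constructed with counter 002 left out on purpose.

```python
import re
from collections import defaultdict

# Constructed sample in the default format; counter 002 is deliberately
# missing to simulate a message lost on its way to the syslog server.
SAMPLE = """\
Mar 24 13:44:38 srv1 rootsh[062fd]: user1234=root,/dev/pts/10: logging new session (rootsh[062fd]) to /var/log/rootsh/user1234.20050324134426.062fd
Mar 24 13:44:39 srv1 rootsh[062fd]: user1234: 000: srv1:/home/user1234 # cd /etc
Mar 24 13:44:41 srv1 rootsh[062fd]: user1234: 001: srv1:/etc # pwd
Mar 24 13:44:42 srv1 rootsh[062fd]: user1234: 003: srv1:/etc # exit
Mar 24 13:44:42 srv1 rootsh[062fd]: user1234,/dev/pts/10: closing rootsh session (rootsh[062fd])
"""

# Syslog tag with the session id, then the rootsh payload.
HEAD = re.compile(r"rootsh\[(?P<sid>[0-9a-f]+)\]: (?P<rest>.*)$")
# First line of a session: "<user>=<target>,<tty>: logging new session ..."
OPEN = re.compile(r"^(?P<user>[^=,:\s]+)=[^,]+,\S+: logging new session")
CLOSE = re.compile(r"^[^,:\s]+,\S+: closing rootsh session")
# Data line: optional "<user>: " prefix (Step 5), then the 3-digit counter.
DATA = re.compile(r"^(?:[^:\s]+: )?(?P<n>\d{3}):(?: |$)")


def audit(text, wrap_after=100):
    """Return {session_id: {"user", "closed", "gaps"}} for rootsh syslog text.

    Each gap is (expected_counter, seen_counter). Logs written with
    --disable-linenumbering carry no counter, so no gaps can be reported.
    """
    sessions = defaultdict(
        lambda: {"user": None, "closed": False, "gaps": [], "_next": None})
    for line in text.splitlines():
        head = HEAD.search(line)
        if not head:
            continue  # not a rootsh line
        s, rest = sessions[head["sid"]], head["rest"]
        if (o := OPEN.match(rest)):
            # The opening line names the user even if usernames are disabled.
            s["user"], s["_next"] = o["user"], 0
        elif CLOSE.match(rest):
            s["closed"] = True
        elif (d := DATA.match(rest)):
            n = int(d["n"])
            if s["_next"] is not None and n != s["_next"]:
                s["gaps"].append((s["_next"], n))
            s["_next"] = 0 if n >= wrap_after else n + 1
    return {sid: {k: v for k, v in s.items() if k != "_next"}
            for sid, s in sessions.items()}
```

A session that reports gaps, or that has an opening line but never a closing one, is the cue to compare the forwarded syslog stream with the local logfile named in the opening line.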