root shell auditing and syslog entry for all commands of shell

Often there is a need to log all the messages and output of a shell to a file or to syslog. Sometimes I need that for a particular user too. The script command can be used to do this, but sometimes you cannot tell the user that the session is logged, or ask the user to run this command, and it should be done automatically. Sometimes there is also a need to put the output in syslog, so that the root user has more control, and so that the syslog mail is sufficient for analysis rather than looking through other files. Finally I found this:

Rootsh is a wrapper for shells which logs all echoed keystrokes and terminal output to a file and/or to syslog. Its main purpose is the auditing of users who need a shell with root privileges. They start rootsh through the sudo mechanism.

This package is in the Fedora repos, so all you need to do to install it is:

yum install rootsh

When you try to run it you might get an error like this:

/var/log/rootsh/amitag.20081215084812.04771: No such file or directory

One quick way to fix this is to run with the "-d" option.

This problem mainly comes up because it is mainly designed to be used with sudo. So the choice of how to use it is left to you, but it is indeed a great tool for auditing.

top command with rc to make it more useful and beautiful.

Just for fun, some days back I was reading about the top command. I have been using this command for a long time and had never read the man page, so I thought I would do that. And yes, it was worthwhile to look at that page. I came to know that top supports a toprc file and that it can be used to configure the way top looks. So:

Here's how top looks without the rc file:

[image: top]

And here's how it looks with the rc file:

[image: top]

And here is the ~/.toprc file:

RCfile for "top with windows" # shameless braggin'
Id:a, Mode_altscr=0, Mode_irixps=1, Delay_time=5.000, Curwin=0
Def fieldscur=mfcAbdEgHIursOpQTvyzWjKNLX
  winflags=32184, sortindx=10, maxtasks=0
  summclr=2, msgsclr=1, headclr=7, taskclr=7
Job fieldscur=ABcefgjlrstuvyzMKNHIWOPQDX
  winflags=62777, sortindx=0, maxtasks=0
  summclr=6, msgsclr=6, headclr=7, taskclr=6
Mem fieldscur=ANOPQRSTUVbcdefgjlmyzWHIKX
  winflags=62777, sortindx=13, maxtasks=0
  summclr=5, msgsclr=5, headclr=4, taskclr=5
Usr fieldscur=ABDECGfhijlopqrstuvyzMKNWX
  winflags=62777, sortindx=4, maxtasks=0
  summclr=3, msgsclr=3, headclr=2, taskclr=3

This is just an example, but you can do much more with the rc file.

Managing your remote site locally – sitecopy.

If you are managing a remote site on a web server that you do not have direct access to (terminal or ssh), and you have to do it with cPanel, then I know how much pain it is. I had the same issue until recently, when I discovered sitecopy.

Description of sitecopy:

sitecopy allows you to easily maintain remote Web sites.  The program will upload files to the server which have changed locally, and delete files from the server which have been removed locally, to keep the remote site synchronized with the local site, with a single command. sitecopy will also optionally try to spot files you move locally, and move them remotely.  FTP and WebDAV servers are supported.

Now that's interesting. So how do you use sitecopy? I will give you a step-by-step guide. If you are running Fedora, the package is in the Fedora repo.

So, let's first install the package:

sudo yum install sitecopy

Once that is done, we need to create an rc file that describes the sites:

site amit # Just a name for sitecopy to recognize this site.
server amit-agarwal.co.in # The server
remote / # Path on the server to manage
local sitecopy # The local path for storage of the files.
username xxxx # The username for the site
password xxxx # The password for the site
url http://amit-agarwal.co.in # URL of the site
protocol ftp # The protocol used by sitecopy; webdav can also be used.

Put the above file in the home folder as .sitecopyrc. Then change its permission to 0600. Create a folder called .sitecopy and change its permission to 0700. That is all for the configuration. Now create the destination storage folder specified in the local setting above and change the folder permission to 0700. You are ready to go.

Initialize the site:

sitecopy -i amit

Then update the site:

sitecopy -s amit

This is supposed to synchronize the local folder with the remote folder, but I found that the command did not create the directories recursively, so I did a little hack and ran the command below to do a complete copy:

sitecopy -s amit; while [ $? -eq 1 ]; do sitecopy -s amit; done

This will complete the initial set of directories for you, and then whenever you want to sync the local directory you can run:

sitecopy -s amit

and when you make changes locally you can update the site with

sitecopy -u amit
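
The permission steps above (0600 on .sitecopyrc, 0700 on .sitecopy and on the local folder) matter because the rc file holds the site password in plain text. As an added example, not part of the original post or of sitecopy itself, these shell functions create those paths under a restrictive umask and then audit their modes; SITECOPY_HOME and the function names are hypothetical, and the local folder is assumed to be ~/sitecopy.

```shell
#!/bin/sh
# Added example: create and audit the sitecopy paths with the modes from the text.
# SITECOPY_HOME is a hypothetical override so the check can run on a scratch directory.

# Print the 10-character mode string (for example -rw-------) of a path.
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# Create rc file, state directory and local mirror (assumed to be ~/sitecopy).
# umask 077 keeps the rc file unreadable by others even before chmod runs.
sitecopy_setup() {
    home=${SITECOPY_HOME:-$HOME}
    (
        umask 077
        mkdir -p "$home/.sitecopy" "$home/sitecopy" || exit 1
        [ -e "$home/.sitecopyrc" ] || : > "$home/.sitecopyrc"
    ) || return 1
    chmod 0600 "$home/.sitecopyrc" &&
    chmod 0700 "$home/.sitecopy" "$home/sitecopy"
}

# Return 0 only if all three paths exist with the expected modes.
# Each mismatch (or missing path) is reported on stderr.
sitecopy_audit() {
    home=${SITECOPY_HOME:-$HOME}
    rc=0
    while read -r want rel; do
        got=$(mode_of "$home/$rel")
        if [ "$got" != "$want" ]; then
            echo "BAD  $home/$rel: mode '${got:-missing}', want $want" >&2
            rc=1
        fi
    done <<EOF
-rw------- .sitecopyrc
drwx------ .sitecopy
drwx------ sitecopy
EOF
    return $rc
}
```

Source the file and run `sitecopy_setup && sitecopy_audit` before initializing the site; a non-zero status from the audit means one of the three paths is readable by other users or missing.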