Is it possible to use ‘script’ command that records what happens in a session as the default shell? How could you deal with multiple logins at once? What about output from rsync and the like?
4 thoughts on - Using Typescript As A Default Shell?
What problem are you attempting to solve? Have you looked at the bash ‘history’ command?
We’d like to have an auditable history of what happened on production servers, kept for a period of time. (perhaps a week?) It’s a very busy production environment, but the only shell-level access to the systems are administrative, but having a history of activity as well as the output would have been highly valuable this morning to verify that a mistake that might have been made was. (or wasn’t!)
I’m familiar with `history`but it has a few problems:
1) You only see the commands entered.
2) You only see the commands in other shells after you log out.
3) You don’t see the output from the commands.
4) Histories can be lost altogether if the shell exits abnormally. (EG tcp timeout)
I was thinking of a shell script something like (PSEUDO code)
And putting it as the shell in /etc/passwd, but this *has* to be the kind of thing that somebody else has done, right?
Benjamin Smith wrote:
Hi,
While not solving all your problems ZSH may be of help. With ZSH you can configure it to save history immediately upon command being entered and therefore never lose the history. Although, you can still lose it if someone purposely deletes it. But then the same can be applied to any shell logger.
Additionally this means recent commands will be in the history file as soon as they run, thus you do not have to close the shell in order to view the recent commands run.
Using .zshrc it’s simply the case of using “setopts inc_appendhistory”
to get that functionality.
Although getting used to a whole new shell could be a bit of a challenge if you are very used to BASH.
There’s also many other features which may be helpful to you. Such as time stamps and shared history.
4 thoughts on - Using Typescript As A Default Shell?
What problem are you attempting to solve? Have you looked at the bash ‘history’ command?
We’d like to have an auditable history of what happened on production servers, kept for a period of time. (perhaps a week?) It’s a very busy production environment, but the only shell-level access to the systems are administrative, but having a history of activity as well as the output would have been highly valuable this morning to verify that a mistake that might have been made was. (or wasn’t!)
I’m familiar with `history`but it has a few problems:
1) You only see the commands entered.
2) You only see the commands in other shells after you log out.
3) You don’t see the output from the commands.
4) Histories can be lost altogether if the shell exits abnormally. (EG tcp timeout)
I was thinking of a shell script something like (PSEUDO code)
#! /bin/sh LOGFILE=`date –format=’Ymd:Hms’`;
script /var/log/histories/root.$LOGFILE
exit $?
And putting it as the shell in /etc/passwd, but this *has* to be the kind of thing that somebody else has done, right?
Benjamin Smith wrote:
Hi,
While not solving all your problems ZSH may be of help. With ZSH you can configure it to save history immediately upon command being entered and therefore never lose the history. Although, you can still lose it if someone purposely deletes it. But then the same can be applied to any shell logger.
Additionally this means recent commands will be in the history file as soon as they run, thus you do not have to close the shell in order to view the recent commands run.
Using .zshrc it’s simply the case of using “setopts inc_appendhistory”
to get that functionality.
Although getting used to a whole new shell could be a bit of a challenge if you are very used to BASH.
There’s also many other features which may be helpful to you. Such as time stamps and shared history.
Search “history” on this page to see more:
http://linux.die.net/man/1/zshoptions
I personally use ZSH where-ever possible as I personally find it to be better than BASH, however this is more of a preference than anything.
Good luck though :-)
Kind Regards, Jake Shipton (JakeMS)
Twitter: @CrazyLinuxNerd GPG Key: 0xE3C31D8F
GPG Fingerprint: 7515 CC63 19BD 06F9 400A DE8A 1D0B A5CF E3C3 1D8F
You can use auditd to do this, but it won’t capture the output, just the command and its exit code.
To go along with the zsh suggestion, I believe that you can compile ksh93 to include auditing, but it’s not enabled on any of my systems.