0

Thanks for any help.

I'm helping configure a machine to log keystrokes using /usr/bin/script function. For each session, a log file is created that includes the POSIX time. $PS1 is changed to reflect the current time and name of the user so that anytime something is typed - we know when and what.

My problem is that /usr/bin/script launches a new (SHLVL 2) non-login shell with the standard 'bash-4.2$' prompt, and I can't find which/whose profile is being sourced so that I can change $PS1. /usr/bin/script is launched by root.

Simply, what profile is being sourced by a SHLVL 2 non-login session owned by root, within a session started by a standard user? (It doesn't seem to be /root/.bashrc or /root/.profile)

Alternatively - how can I force a bash profile to be read at every shell, interactive, non-interactive, non-login ,etc.

Edit: Users .bashrc .bash_profile and .profile all have a defined $PS1. Once in the nested shell, I can source any of these to change the prompt.

Improve this question
3
  • I'd check /etc/ and the user's profile. Commented Nov 24, 2014 at 16:18
  • Is this a feature for trusted users or an attempt at a hacker-proof logging system? That will probably influence the type and complexity of the solution. Commented Nov 24, 2014 at 17:50
  • @l0b0 It is a feature for trusted users. It is a closed system so logon access is tightly controlled. At the same time, we do not want to have multiple admin users. Commented Nov 24, 2014 at 18:03

1 Answer 1

Reset to default
0

There already exists a solution for this: sudo. From man 5 sudoers:

sudoers can log both successful and unsuccessful attempts (as well as errors) to syslog(3), a log file, or both. By default, sudoers will log via syslog(3) but this is changeable via the syslog and logfile Defaults settings.

Improve this answer
1
  • Yes, we use auditd to monitor system events and create a separate log file for these, but my goal is also to get all keystrokes through the /usr/bin/script function. Commented Nov 24, 2014 at 20:25

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.