good tty logging

[job]

All shell command's and as much as possible should be logged (over encrypted connection) to one or two masterservers and be stored for future reference in case of abuse.

[rodecker]

Rootsh (http://sourceforge.net/projects/rootsh/) looks like a good candidate for this. It logs all user commands and output, and throws it to syslog.

Things that would need to be done to deploy this:

• create debian package
• configure syslog-ng to use TLS encryption and authentication (not a bad idea anyway)
• set rootsh -i as login shell for all users
• layer 9 foo to deal with legal implications

[ebzao]

http://manpages.ubuntu.com/manpages/maverick/man8/pam_tty_audit.8.html could do the job of tty logging. But it doesn't log output of commands.

[rodecker]

pam_tty_audit is not available on Ubuntu. Acct does the equivalent.