Solved

redirecting all stderr to file

Posted on 2003-02-23
Last Modified: 2011-09-20
Hi All!
   I am doing an intrusion detection project where I have to trace all user activities. I want to redirect all error messages (stderr) to a file with the user who did that. Please guide me how to do this task. Are there any other techniques to trace all user activities? I am using Linux 7.2 and developing in C.
Question by:shenasar
LVL 46

Accepted Solution

by:
Kent Olsen earned 200 total points
ID: 8008846

You can do it at the shell level with:

SomeProgram 2>RedirectedFileName


Your C program can do it too, by calling freopen():

stderr = freopen ("RedirectedStderrFileName", "w", stderr);


Note that this should probably be a "two step call".  If freopen() fails the method above will have set stderr to NULL -- not a good thing.  If the redirect file already exists and is "read only" the function may fail.


Good Luck,
Kdo
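
An added example, not part of the original answer: it handles the failure case discussed above by using POSIX open() and dup2() in place of freopen(), so a failed redirect leaves the original stderr usable, and it tags each record with the time, uid and user name the question asks for. The function names and the log file name are hypothetical; child processes started after the redirect inherit the new file descriptor 2.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

/* Point fd 2 at `path` (append mode). Returns 0 on success, -1 on failure.
 * Unlike freopen(), a failed open() here leaves the original stderr usable. */
int redirect_stderr(const char *path)
{
    /* O_NOFOLLOW: refuse a symlink planted at the log path; 0600: owner-only */
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    fflush(stderr);
    if (dup2(fd, STDERR_FILENO) < 0) { close(fd); return -1; }
    if (fd != STDERR_FILENO)
        close(fd);
    return 0;
}

/* Write one record to stderr: timestamp, real uid, user name, message. */
int log_error(const char *msg)
{
    char ts[32];
    time_t now = time(NULL);
    struct tm tmv;
    struct passwd *pw = getpwuid(getuid());

    if (!localtime_r(&now, &tmv) ||
        !strftime(ts, sizeof ts, "%Y-%m-%dT%H:%M:%S", &tmv))
        return -1;
    if (fprintf(stderr, "%s uid=%ld user=%s %s\n", ts, (long)getuid(),
                pw ? pw->pw_name : "?", msg) < 0)
        return -1;
    return fflush(stderr) == 0 ? 0 : -1;
}

int main(void)
{
    if (redirect_stderr("stderr_audit.log") != 0) { /* hypothetical file name */
        perror("redirect_stderr");  /* original stderr is still intact */
        return 1;
    }
    return log_error("sample message (constructed)") == 0 ? 0 : 1;
}
```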

Author Comment

by:shenasar
ID: 8031486
Hi!
  I need some more information. What I am trying to do is to trace all user activities. For example, the error message that comes when a user tries to access the /root directory has to be redirected to a file specifying the name of the user, the command he executed, the time, etc.
  Please guide me how to do that, because I am at the neck of my project work.
LVL 46

Expert Comment

by:Kent Olsen
ID: 8033113
Ahha,

I read your first post to mean something else.  What you're really trying to do is capture all of the shell commands and errors.

There's actually quite a large business in providing this kind of security to unix.  Several companies provide plug-in security, though they are rather expensive.

Two suggestions come to mind.

If you're trying to contain people that have legitimate access to your system you can always force them to your own shell and just limit the things that you'll let them do.

If you've got source code for the shell processors (ksh, bsh, etc) you can always build in the functionality that you're looking for.


Kdo

Expert Comment

by:CleanupPing
ID: 9447559
shenasar:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.