
I know that the date -s <STRING> command sets the time described by the string STRING.

What I want is to log the above command, whenever it is used to set the time, into the file /tmp/log/user.log.

In my Linux distribution the logging is done by syslog-ng. I already have some logs going into /tmp/log/user.log.

This is the content of /etc/syslog-ng/syslog-ng.conf on my system for logging into /tmp/log/user.log:

destination d_notice  { file("/tmp/log/user.log");};

filter f_filter10   { level(notice) and not facility(mail,authpriv,cron); };

log { source(s_sys); filter(f_filter10); destination(d_notice); };

What should I do so that the date -s command is also logged into /tmp/log/user.log?

LinuxPenseur

1 Answer

Date changes are not logged by default, at least not on Debian.

The simplest option would be to replace /bin/date with a wrapper that prints a log message using logger then calls the real /bin/date executable, e.g.

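# Move the real binary aside and install the wrapper in its place
mv /bin/date /bin/date.real
cat << 'EOF' >/bin/date
#!/bin/bash
# Log every invocation (caller's UID and arguments) at user.notice
logger -p user.notice "date run by $UID: $*"
# Hand over to the real binary with the original arguments
exec /bin/date.real "$@"
EOF
chmod +x /bin/date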

Other than that, I know that grsecurity allows you to log any changes to the system time. It would require compiling a custom kernel.

Mikel
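A narrower variant of the wrapper in the answer above, as an added example that is not part of the original answer: it writes a user.notice line (which passes f_filter10 from the question) only when the arguments would change the clock, including the legacy `date MMDDhhmm` form that a check for `-s` alone misses. It assumes GNU date option syntax and the answer's /bin/date.real path; `sets_clock`, `audit_line` and the `date-audit` tag are names chosen here.

```sh
#!/bin/sh
# Added example (not from the original answer). Assumes GNU date option syntax
# and the answer's layout: wrapper at /bin/date, real binary at /bin/date.real.
REAL_DATE=${REAL_DATE:-/bin/date.real}

# sets_clock ARGS...: succeed when the arguments ask date to change the clock.
sets_clock() {
    while [ $# -gt 0 ]; do
        arg=$1; shift
        case $arg in
            --) break ;;                                     # operands only from here
            --s|--se|--set|--s=*|--se=*|--set=*) return 0 ;; # --set and its prefixes
            --*=*) ;;                                        # long option, value attached
            --da*|--f*|--ref*) if [ $# -gt 0 ]; then shift; fi ;; # value is next word
            --*) ;;                                          # plain flag such as --utc
            -?*)                                             # short cluster, e.g. -us
                rest=${arg#-}
                while [ -n "$rest" ]; do
                    c=${rest%"${rest#?}"}; rest=${rest#?}    # peel off first letter
                    case $c in
                        s) return 0 ;;
                        d|f|r) if [ -z "$rest" ] && [ $# -gt 0 ]; then shift; fi
                               break ;;                      # value attached or next word
                        I) break ;;                          # rest is -I's optional value
                    esac
                done ;;
            +*) ;;                                           # output format
            *) return 0 ;;                                   # MMDDhhmm[[CC]YY][.ss] operand
        esac
    done
    # After "--": any operand that is not a +FORMAT sets the clock.
    for arg in "$@"; do
        case $arg in +*) ;; *) return 0 ;; esac
    done
    return 1
}

# audit_line ARGS...: the message sent to syslog for a clock-setting call.
audit_line() {
    printf 'date set requested by uid=%s: %s' "$(id -u)" "$*"
}

# Act as the wrapper only when installed under the name "date".
if [ "${0##*/}" = date ]; then
    if sets_clock "$@"; then
        logger -p user.notice -t date-audit "$(audit_line "$@")"
    fi
    exec "$REAL_DATE" "$@"
fi
```

Like the original wrapper, this only sees calls that go through /bin/date; programs that set the clock directly through the kernel interface (hwclock, NTP daemons) are not covered.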