KSH 93

If you use ssh for your PASE terminal (this does not work with call qp2term), the following ksh93 binary download provides auditing of the PASE ssh terminal session.

  • web site: https://www.ibm.com/developerworks/aix/library/au-korn93/
  • Installation:
    Where to put ksh93, a philosophic discussion with many options ...
    
    1) PASE (Option 33) --  /QOpenSys/QIBM/ProdData/OS400/PASE/bin 
       ... all machine users will see utilities placed in this PASE directory
       ... but the directory belongs to PASE (PASE may clobber duplicate filenames)
    
    2) Private/personal directory -- /home/myhome/bin 
       ... admin would need to set up an env PASE_PATH or PATH 
           for all users to be forced into shell auditing 
    
    Personally, I recommend using a "personal directory", 
    so that you do not impact all users of the machine 
    or collide with another version of ksh93; 
    add only the users you wish to "audit".
    
  • Operation
    ssh -X adc@lp0364d          -- ssh to your IBM i machine (call qp2term will not work)
    
    
    /etc/ksh_audit              -- add your profile ids to the audit watch list
    /tmp/ksh_audit.out;107;109
    
    export SHACCT=1             -- set prior to ksh93 start
    
    ./ksh93                     -- where you put the downloaded ksh93 shell (ksh93.att.audit.bin)
    
    cat /tmp/ksh_audit.out      -- see audit logging
    109;1395072587;/dev/pts/0; ls
    109;1395072597;/dev/pts/0; cat /tmp/ksh_audit.out
    
  • To find your user profile id number for /etc/ksh_audit
5250:
dspusrprf adc
User ID number . . . . . . . . . . . . . . :   109

ssh -X adc@lp0364d

$ /usr/bin/id adc
uid=109(adc) gid=0

$ cat /etc/ksh_audit
/tmp/ksh_audit.out;107;109

Auditing for 109 (adc) and 107 (?).
  • Example: my V7 machine (adc id 109, lp0364d):
    ssh -X adc@lp0364d
    bash-4.2$ export SHACCT=1
    bash-4.2$ ./ksh93 
    $ ls
    $ cat /tmp/ksh_audit.out
    109;1395072587;/dev/pts/0; ls
    109;1395072597;/dev/pts/0; cat /tmp/ksh_audit.out
    $ cat /etc/ksh_audit
    /tmp/ksh_audit.out;107;109
    $ cat /tmp/ksh_audit.out
    109;1395072587;/dev/pts/0; ls
    109;1395072597;/dev/pts/0; cat /tmp/ksh_audit.out
    109;1395072730;/dev/pts/0; cat /etc/ksh_audit
    109;1395072746;/dev/pts/0; cat /tmp/ksh_audit.out
    $
    
  • Example: my V6 machine (adc id 155, lp0264d):
    ssh -X adc@lp0264d
    $ export SHACCT=1
    $ ./ksh93
    $ ls
    ksh93  misc   pecl
    $ cat /tmp/ksh_audit.out
    115;1395074009;/dev/pts/0; ls
    115;1395074021;/dev/pts/0; cat /tmp/ksh_audit.out
    $
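
An added example (not part of the original page or of ksh93) for reviewing the audit output: it parses the /etc/ksh_audit line and the /tmp/ksh_audit.out records shown above. It assumes, from the samples on this page, that the record fields are user id, Unix epoch seconds, tty and command; the function names and the last two sample lines are made up for the example.

```python
from datetime import datetime, timezone

# Sample input: the config line and the first two records are copied from
# the page; the last two records are constructed for this example.
CONFIG_LINE = "/tmp/ksh_audit.out;107;109"
LOG_LINES = [
    "109;1395072587;/dev/pts/0; ls",
    "109;1395072597;/dev/pts/0; cat /tmp/ksh_audit.out",
    "109;1395072800;/dev/pts/0; cd /tmp; ls",   # command itself contains ';'
    "not an audit record",                      # malformed line
]

def parse_audit_config(line):
    """Split 'logfile;uid;uid;...' into the log path and the watched uids."""
    fields = line.strip().split(";")
    return fields[0], {int(uid) for uid in fields[1:] if uid}

def parse_audit_record(line):
    """Split 'uid;epoch;tty; command'; only the first three ';' are separators."""
    uid, epoch, tty, command = line.rstrip("\n").split(";", 3)
    when = datetime.fromtimestamp(int(epoch), tz=timezone.utc)
    return {"uid": int(uid), "time": when.isoformat(),
            "tty": tty, "command": command.strip()}

def review(config_line, log_lines):
    """Return (logfile, parsed records, lines that need a manual look)."""
    logfile, watched = parse_audit_config(config_line)
    records, problems = [], []
    for number, line in enumerate(log_lines, 1):
        if not line.strip():
            continue
        try:
            record = parse_audit_record(line)
        except ValueError:
            problems.append((number, "malformed", line))
            continue
        if record["uid"] not in watched:
            problems.append((number, "uid not on watch list", line))
        records.append(record)
    return logfile, records, problems

if __name__ == "__main__":
    logfile, records, problems = review(CONFIG_LINE, LOG_LINES)
    for r in records:
        print(r["time"], r["uid"], r["tty"], r["command"])
    for number, reason, line in problems:
        print(f"line {number}: {reason}: {line}")
```

Timestamps are printed in UTC; splitting on only the first three semicolons keeps commands such as `cd /tmp; ls` intact.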