Projects / rootsh


Rootsh is a wrapper for shells that logs all echoed keystrokes and terminal output to a file and/or to syslog. Its main purpose is the auditing of users who need a shell with root privileges. They start rootsh through the sudo mechanism.

Operating Systems

Recent releases

  •  24 Mar 2005 14:17

    Release Notes: Mac OS X support was added. syslogging of the username was added. Examples were added to the INSTALL file. The environment variable ROOTSH_SESSIONID is now set inside a running rootsh. The Irix logdir in was fixed. A bug that causing a core dump under SunOS5.9 with the -u option was fixed. A bug which sent an ugly last line to syslog under Linux was fixed.

    •  12 Feb 2005 01:56

      Release Notes: Support for the SGI Irix operating system was added. The format of syslog messages was slightly changed to be RFC 3164 compliant.

      •  18 Dec 2004 05:13

        Release Notes: Tamper detection code was added to endlogging(). The deletion of log files during a session is now recognized. A bug that caused random core dumps under HP-UX was fixed. Conditional compilation was implemented in basename.c for Cygwin. Many comments were added to the code.

        •  07 Dec 2004 21:52

          Release Notes: Some xterm escape sequences could cause empty syslog messages. This was a critical error, since users could hide their actions in a syslog-only environment. This bug in stripesc has been fixed.

          •  05 Dec 2004 04:04

            Release Notes: For those who want to monitor users as soon as they log into a machine, rootsh can now be used as login shell in /etc/ passwd. For this purpose there is a new option --with- defaultshell= for configuring.

            Recent comments

            23 Apr 2011 15:43 wschlich

            Version 1.5.3 is out since 2008:

            03 Jul 2006 15:27 lausser

            Re: why not script(1)

            > Hi there,


            > what are the benefits of using rootsh

            > instead of script(1)?


            > greetings,

            > ssc

            because script

            - doesn't send the in/output to a syslog server

            - cannot be used as a login shell

            - does not detect logfile tampering

            - cannot be restricted to particular commands


            18 Jun 2006 06:56 ssc_

            why not script(1)
            Hi there,

            what are the benefits of using rootsh instead of script(1)?




            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.