This is the most recent Fedora Core 4 bash RPM (bash-3.0-31) with the syslog patch.

We recommend adding the following config lines to syslog.conf:

/*
*.info;mail.none;authpriv.none;cron.none;local5.none;kern.none  /var/log/messages
authpriv.*                                                      /var/log/secure
mail.*                                                          /var/log/maillog
cron.*                                                          /var/log/cron
*.emerg                                                         *
uucp,news.crit                                                  /var/log/spooler
local7.*                                                        /var/log/boot.log
local5.*                                                        /var/log/User.log
kern.*                                                          /var/log/kernel
*/

With these lines the bash logging goes to a separate file (/var/log/User.log)
rather than to /var/log/messages.

Also add the following lines to /etc/logrotate.d/syslog for rotation.

/*
(root@fogheaven):/etc/logrotate.d# cat syslog
/var/log/messages /var/log/User.log /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron /var/log/kernel {
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
*/

To split the log by user name into the /var/log/users directory, you can add
this script to cron:

(root@fogheaven):/var/spool/mail# cat /etc/cron.hourly/userlog.cron
#!/bin/sh
# Split /var/log/User.log into one file per account under /var/log/users.
mkdir -p /var/log/users
# One pass per distinct uid; if several accounts share a uid, the first name wins.
awk -F: '!seen[$3]++ { print $3, $1 }' /etc/passwd | while read uid name; do
    grep "uid:$uid]" /var/log/User.log > "/var/log/users/$name"
done
# Drop the files of accounts that logged nothing.
find /var/log/users -type f -empty -exec rm -f {} \;

-------------------------------------------------------------------------------------

Name        : bash                          Relocations: /usr
Version     : 3.0                           Vendor: !dSR www.digitalsec.net
Release     : 31+syslog                     Build Date: Fri Jun 17 06:55:40 2005
Install Date: Fri Jun 17 06:56:30 2005      Build Host: fogheaven.digitalsec.net
Group       : System Environment/Shells     Source RPM: bash-3.0-31+syslog.src.rpm
Size        : 5183575                       License: GPL
Signature   : (none)
URL         : http://www.digitalsec.net/stuff/rpms/
Summary     : The GNU Bourne Again shell (bash) version 3.0.
Description :

! WARNING! This Bash version contains the logging patch !
! by DS based on previous version by !
! Antonomasia !
! http://www.digitalsec.net/stuff/olds/bash-3.0-syslog.patch !
! The packages' name nor contents (superficially) hint to this, !
! so be carefull you don't install it over your "regular" /bin/bash !
! RPM Build by !dSR Team www.digitalsec.net !

The GNU Bourne Again shell (Bash) is a shell or command language
interpreter that is compatible with the Bourne shell (sh). Bash
incorporates useful features from the Korn shell (ksh) and the C shell
(csh). Most sh scripts can be run by bash without modification. This
package (bash) contains bash version 3.0, which improves POSIX
compliance over previous versions. However, many old shell scripts
will depend upon the behavior of bash 1.14, which is included in the
bash1 package. Bash is the default shell for Red Hat Linux. It is
popular and powerful, and you'll probably end up using it.

Fri Jun 17 07:03:40 CEST 2005

!dSR - Digital Security Research
http://www.digitalsec.net
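
The syslog.conf rules recommended above only keep shell logging out of /var/log/messages if the catch-all line carries local5.none and a local5 rule points at its own file. The check below is an added example, not part of the original README or the !dSR package; check_local5 is a hypothetical helper name, the sample files are constructed, and the selector parsing is a simplified reading of sysklogd syntax.

```shell
#!/bin/sh
# Added example, not part of the original package.
# check_local5 FILE: exit status 0 when local5 has its own log file and is kept
# out of /var/log/messages, 1 when no rule sends local5 to a file of its own,
# 2 when local5 still reaches /var/log/messages.
# Simplified sysklogd selector parsing: ";"-separated entries, "," facility
# lists, entries applied left to right so a later "none" removes a facility.
check_local5() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }            # comments, blank lines
        {
            sel = $1; dest = $NF
            sub(/^-/, "", dest)                  # "-" prefix only disables sync
            n = split(sel, part, ";")
            hit = 0
            for (i = 1; i <= n; i++) {
                split(part[i], fp, "[.]")        # facilities "." priority
                m = split(fp[1], fac, ",")
                for (j = 1; j <= m; j++)
                    if (fac[j] == "*" || fac[j] == "local5")
                        hit = (fp[2] == "none") ? 0 : 1
            }
            if (hit && dest == "/var/log/messages") leak = 1
            else if (hit && sel ~ /(^|;)local5[.]/) dedicated = 1
        }
        END { if (leak) exit 2; if (!dedicated) exit 1; exit 0 }
    ' "$1"
}

# Constructed inputs: the rules recommended above (abridged), and a weak
# variant whose catch-all line has lost its local5.none entry.
good=$(mktemp); weak=$(mktemp)
trap 'rm -f "$good" "$weak"' EXIT
cat > "$good" <<'EOF'
*.info;mail.none;authpriv.none;cron.none;local5.none;kern.none /var/log/messages
*.emerg *
uucp,news.crit /var/log/spooler
local5.* /var/log/User.log
EOF
sed 's/;local5[.]none//' "$good" > "$weak"
for f in "$good" "$weak"; do
    rc=0; check_local5 "$f" || rc=$?
    echo "$f: status $rc"
done
```

Run it against /etc/syslog.conf after editing and before sending syslogd the HUP signal.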