[NTLUG:Discuss] Monitor user's activity
David Ross
davidross at classicnet.net
Wed Apr 14 17:39:06 CDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wednesday 14 April 2004 11:35 am, tr_data1 wrote:
> I'm in search of some good ways to monitor the activities of users.
> Some of our test systems have questionable actions being done by
> valid accounts. Linux (Redhat) and Solaris.
>
> The problem with the shell's history is a) no timestamps b) ways to
> delete it or otherwise alter, etc. "last" just tells me when they are
> logged in and from where.
>
> Short of writing a little script that uses "date" and "ps", any ideas?
>
> Perhaps some good web sites and/or books I could look at. Again,
> this is for users that are to have accounts -- they just aren't
> honest. :-(
> =TR=
http://www.uni-tuebingen.de/zdv/zriinfo/linux/books/lasg/logging/
"if you want to log users shell history and otherwise tighten up security I
would recommend setting the configuration files in the user’s home directory
to immutable using the chattr command, and set the log files (such as
.bash_history) to append only. Doing this however opens up some legal issues,
so make sure your users are aware they are being logged and have agreed to
it, otherwise you could get into trouble."
- --
David Ross
Registered Linux User #344306
EMail is certified Windows® free.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAfb2P/+eOZWcdIz8RAjH+AJ4wvSV4SXbS6Pqdc+bB1bxoytyrzgCeJsb6
tCbwRBdTl9W94Ry3x+7/cnM=
=BpQf
-----END PGP SIGNATURE-----
More information about the Discuss
mailing list