users logs

Abdelkader Yousfi yousfia at gmail.com
Tue Jun 9 18:32:56 UTC 2009 

I want to get this tips for preventive reason for violating or doing
something silly like changing config files...etc.
AY.

On Tue, Jun 9, 2009 at 7:17 PM, mark <m.roth2006 at rcn.com> wrote:

> Abdelkader Yousfi wrote:
> > so you mean no way for having each command hit by each users except
> getting
> > bach_history file !!!
> > because i want to get my system more secure and seeing each user what he
> > does or what he is doing in shell
> > Thx!
> >
> I am now questioning *why* you want to do this. Is this a requirement from
> management, and, if so, for what reason? Do you believe someone inside is
> grossly violating company policy, or doing corporate espionage?
>
>        mark
> > On Tue, Jun 9, 2009 at 4:40 PM, mark <m.roth2006 at rcn.com> wrote:
> >
> >> Abdelkader Yousfi wrote:
> >>> All,
> >>>
> >>> How can we know on RHEL what each users is doing on the system
> (commands,
> >>> file accessing...etc)?
> >>> Thanks!
> >> Are you talking about *every* *single* *command* (assuming we're not
> >> talking X
> >> here, but shell), or just when they issue commands with root privilege?
> >>
> >> If the latter, they should be using sudo most of the time, and then
> >> everything
> >> will be logged in /var/log/secure.
> >>
> >> If you mean the former, that's inane. They started doing that at a major
> >> corporation I worked at in '03, allegedly as part of their SOX
> >> (Sarbanes-Oxley)
> >> compliance, and it's a bad joke; it's more 'if anyone ever asks, we'll
> bury
> >> them under so much info that they'll never find what they're looking
> for".
> >>
> >> Really - what do you actually *need* to know? What are you trying to
> >> achieve?
> >> Logging everything that everyone does, say, by copying their
> .bash_history
> >> file
> >> every few minutes, or adding a shell wrapper that logs it, the way the
> >> company
> >> I worked for did, for more than a handful of people will *bury* you.
> >>
> >> While we're at it, though I hate it, are you using selinux?
> >>
> >>        mark
> >>
> >> --
> >> redhat-list mailing list
> >> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> >> https://www.redhat.com/mailman/listinfo/redhat-list
> >>
> >
> >
> >
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>



-- 
Best Regards,
Abdelkader

More information about the redhat-list mailing list