User Auditing

m.roth at 5-cent.us m.roth at 5-cent.us
Thu Sep 23 15:28:41 UTC 2010


Marti, Robert wrote:
> I haven't tried them, but do these track executing shell commands from
> inside vim or other editors?  Or other ways of running commands? (write a
> script, run it, delete the script)
>
It also strikes me as a) a great way to create an overwhelming amount of
data; b) useless - consider the user edits a script, suspends the editing
session, runs the script, foregrounds the editing session, and undoes
whatever code they put in. Oh, and c) over-the-top Big Brother; I mean,
there's oversight, and there's this: if there's this mistrust of the
employees, then perhaps management should either hire trustworthy
employees, or only allow trusted employees to work on the systems.

          mark, *not* a fan of the idea.
>
>> -----Original Message-----
>> From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of Zbynek Vymazal
>> Sent: Thursday, September 23, 2010 9:20 AM
>> To: General Red Hat Linux discussion list
>> Subject: RE: User Auditing
>>
>> Hi Rob,
>>
>> I'm logging the command history of every user to a remote syslog server. It
>> requires two steps on the client side:
>>
>> 1) Add the following function to /etc/profile:
>>
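>> function history_to_syslog
>> {
>>    declare command
>>    # Most recent history entry, without its history number
>>    command=$(fc -ln -0)
>>    # Quoted so the command text is not word-split or glob-expanded
>>    logger -p local7.notice -t bash -i -- "$USER : $command"
>> }
>> # Run the function before every command the shell executes
>> trap history_to_syslog DEBUG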
>>
>> 2) Configure the local syslog to resend logs to the remote syslog
>> (/etc/syslog-ng/syslog-ng.conf):
>>
>> # Send local messages to central syslog server
>>
>> filter f_filter7   { facility(local7); };
>> destination d_syslog_server { udp(xxx.xxx.xxx.xxx); };
>> log { source(s_sys); filter(f_filter7); destination(d_syslog_server); };
>>
>> Best regards,
>>
>> Zbynek Vymazal
>>
>> -----Original Message-----
>> From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of Rob DeSanno
>> Sent: Thursday, September 23, 2010 15:40
>> To: General Red Hat Linux discussion list
>> Subject: User Auditing
>>
>> This should be an easy question.
>>
>> I use Logwatch on all of my RHEL servers and would like for it to also report
>> on all commands that any user had typed when logged in as well.
>> Something along the lines of UID: Command to give me an idea of who was
>> doing what at any given period of time.
>>
>> I tried using snoopy but that gave me much more than I was looking for. I'm
>> now playing around with psacct and logger but was curious to know what
>> everyone else out there uses to monitor user activity besides looking into
>> everyone's history file.
>>
>> Thanks in advance!
>> ~Rob
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>
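
On the log server, the lines sent by the history_to_syslog function can be reduced to the "UID: Command" style of report asked about at the start of the thread. This is an added example, not part of any message above; it assumes the classic syslog layout `Mon DD HH:MM:SS host bash[pid]: user : command`, and the function names and sample lines are constructed. The report only contains what reached the interactive shell's history, so commands started from inside an editor do not appear in it.

```shell
#!/bin/sh
# Added example. Reads syslog lines on stdin, prints "host user: command".
summarize_history_log() {
    awk '
    # Field 5 is the syslog tag; only "bash[pid]:" lines come from logger.
    $5 ~ /^bash(\[[0-9]+\])?:$/ {
        # Expect "user : command"; skip lines where $USER was empty.
        if ($7 != ":") next
        host = $4
        user = $6
        # The command is everything after the first " : " separator.
        sep = index($0, " : ")
        if (sep == 0) next
        cmd = substr($0, sep + 3)
        # fc -ln pads its output with leading whitespace; trim it.
        gsub(/^[ \t]+|[ \t]+$/, "", cmd)
        if (cmd == "") next
        # The DEBUG trap runs before every simple command, so one typed
        # pipeline is logged several times. Drop consecutive repeats per
        # host and user (this also hides a command typed twice in a row).
        key = host SUBSEP user
        if (last[key] == cmd) next
        last[key] = cmd
        print host " " user ": " cmd
    }'
}

# Constructed sample input; hosts, users and commands are made up.
sample_history_log() {
    cat <<'EOF'
Sep 23 15:20:01 web01 bash[4101]: rob : ls -la /tmp
Sep 23 15:20:05 web01 bash[4107]: rob : cat /etc/passwd | grep rob
Sep 23 15:20:05 web01 bash[4109]: rob : cat /etc/passwd | grep rob
Sep 23 15:20:09 web01 sshd[991]: Accepted publickey for rob
Sep 23 15:21:13 web01 bash[4120]: rob : vim deploy.sh
Sep 23 15:21:40 db02 bash[733]: zv :    tail -f /var/log/messages
EOF
}

sample_history_log | summarize_history_log
```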