- Re: Audit to users
12-19-2003 04:58 AM
How can I audit the activities that a user carries out?
OS: Red Hat 7.2
Thanks in advance
Jorge Prado
12-19-2003 05:11 AM
Re: Audit to users
Audit is a pretty broad term. Perhaps be specific.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
12-19-2003 05:36 AM
Re: Audit to users
I need to record the activities of the users, without them having the opportunity to modify any logs that are generated. The history file is manageable by the users.
Is there some tool that permits recording the commands entered by the users?
Thanks in advance.
Jorge Prado
12-19-2003 05:43 AM
Re: Audit to users
There isn't a whole lot you can do on a system without keystrokes.
The files in the /var/log section contain a lot of what you are looking for. If you are monitoring Internet activity, you can increase the logging of the iptables firewall and get a ton of data.
I'm not aware of a built-in feature in Linux like HP-UX Trusted System auditing that integrates this feature. That doesn't mean it doesn't exist.
My guess is you're going to need a third party auditing product.
I would suggest you look for one at sourceforge.net or tucows.com
I have to go home or I'd do it for you for extra points.
Regards,
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
12-19-2003 07:37 AM
Re: Audit to users
Steven's approach is OK if we are talking about situations where you are working with users cooperating with the audit, e.g. it is used to analyze why a particular sequence of commands is not yielding the expected result.
It is insufficient if you do need to do auditing to prevent malicious misuse, since there is plenty of opportunity for users to wipe out or alter the .bash_history between collections to a protected area (or history of another shell). You will need specialized software to do so. And there is a good possibility you will need to pay for it.
On a related note, depending on where you are there are legal privacy requirements that you should check before embarking on any monitoring down to the keystroke level.
Greetings, Martin
12-19-2003 07:40 AM
Re: Audit to users
http://www.faqs.org/docs/Linux-mini/Process-Accounting.html
12-19-2003 11:17 AM
Solution
psacct - Utilities for monitoring process activities.
The psacct package contains several utilities for monitoring process activities, including ac, lastcomm, accton and sa. The ac command displays statistics about how long users have been logged on. The lastcomm command displays information about previously executed commands. The accton command turns process accounting on or off. The sa command summarizes information about previously executed commands.
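An added example, not part of the original post or of the psacct package: a shell function that turns `lastcomm` output into a per-user count of commands, including how many ran with superuser privileges (the `S` flag). The accounting file path and the sample lines are assumptions constructed for illustration. Unlike `.bash_history`, the accounting file is written by the kernel and can be kept readable by root only, but it records only the command name, not its arguments.

```shell
#!/bin/sh
# Added example: per-user summary of process accounting records.
#
# Enabling accounting as root (the path is an assumption; it varies by distro):
#   touch /var/account/pacct && chmod 600 /var/account/pacct
#   accton /var/account/pacct
# Afterwards:  lastcomm | summarize_lastcomm

# Constructed sample of lastcomm output (not taken from a real system).
# Columns: command, optional flags, user, tty, CPU time, "secs", start time.
sample_lastcomm() {
cat <<'EOF'
ls                     jorge    pts/1      0.00 secs Fri Dec 19 11:20
vi                     jorge    pts/1      0.03 secs Fri Dec 19 11:21
rm               S     root     pts/0      0.00 secs Fri Dec 19 11:22
crond            SF    root     __         0.00 secs Fri Dec 19 11:23
cat                    S        pts/2      0.00 secs Fri Dec 19 11:24
EOF
}

# Prints "user total_commands superuser_commands", one line per user.
# The flags column is optional, so the user cannot be read from a fixed
# field: locate the literal "secs" token and count back from it. This also
# keeps a login name such as "S" (last sample line) from being read as a flag.
summarize_lastcomm() {
    awk '
    {
        secs = 0
        for (i = 5; i <= NF; i++) if ($i == "secs") { secs = i; break }
        if (secs == 0) next                # not a lastcomm record
        user = $(secs - 3)
        flags = ""
        for (i = 2; i <= secs - 4; i++) flags = flags $i
        total[user]++
        if (index(flags, "S")) su[user]++  # S = ran with superuser privileges
    }
    END { for (u in total) printf "%s %d %d\n", u, total[u], su[u] + 0 }
    ' | LC_ALL=C sort
}

# Stand-alone run on the constructed sample.
sample_lastcomm | summarize_lastcomm
```
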
12-21-2003 05:52 PM
Re: Audit to users
It modifies the history procedure so that everything written in the .bash_history file is also sent via syslog.
Look for "bash syslog" on Google.
One of the results:
http://www.nardware.co.uk/Security/html/bashlogger.htm
c
12-21-2003 07:37 PM