System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

How to Keep track user activity in Linux

SOLVED
Go to solution
Md. Minhaz Khan
Super Advisor

How to Keep track user activity in Linux

Dear concern,

Is there any way to keep track user activity in the command line? I have implemented this by adding following lines in the ".bash_profile" file:

touch ~/Session/command_in_session_`date "+%y%m%d(%H:%M)"`
cat ~/.bash_history >> ~/Session/command_in_session_`date "+%y%m%d(%H:%M)"`
echo " " > ~/.bash_history

But is there any way to implement user level Auditing in Linux from which we can tracking user activity??

Thanks
Minhaz
6 REPLIES
Steven E. Protter
Exalted Contributor

Re: How to Keep track user activity in Linux

Shalom,

Standard.

Set variables HISTORY and HISTSIZE

That creates keyboard logs.

http://secureaudit.sourceforge.net/

http://www.sans.org/score/checklists/AuditingLinux.doc

http://www.linux.com/archive/feature/114422

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Court Campbell
Honored Contributor
Solution

Re: How to Keep track user activity in Linux

I like ossec.

http://www.ossec.net/

When setting things like this up you want to define what you are looking for. Logging all user activity is kind of pointless. Do you really want to know that they changed a directory? Probably not. Good luck!
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
Ivan Ferreira
Honored Contributor

Re: How to Keep track user activity in Linux

You could use "screen" to catch all user session. You can use auditd to audit the commands executed or file access.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Victor Semaska_3
Esteemed Contributor

Re: How to Keep track user activity in Linux

There's also sudosh.

http://sourceforge.net/projects/sudosh/

There are 10 kinds of people, one that understands binary and one that doesn't.
Md. Minhaz Khan
Super Advisor

Re: How to Keep track user activity in Linux

Dear court

I have already install HIDS server and Agent in my linux box. Can uou help me in detail what you have implemented in your production

Thanks
Minhaz
dirk dierickx
Honored Contributor

Re: How to Keep track user activity in Linux

check out Laus, it's included by default with RH, a guide can be found on the RH knowledge base;

http://kbase.redhat.com/faq/docs/DOC-6613