users logs

[mark]

Abdelkader Yousfi wrote:
> All,
> 
> How can we know on RHEL what each users is doing on the system (commands,
> file accessing...etc)?
> Thanks!

Are you talking about *every* *single* *command* (assuming we're not talking X
here, but shell), or just when they issue commands with root privilege?

If the latter, they should be using sudo most of the time, and then everything
will be logged in /var/log/secure.

If you mean the former, that's inane. They started doing that at a major
corporation I worked at in '03, allegedly as part of their SOX (Sarbanes-Oxley)
compliance, and it's a bad joke; it's more 'if anyone ever asks, we'll bury
them under so much info that they'll never find what they're looking for".

Really - what do you actually *need* to know? What are you trying to achieve?
Logging everything that everyone does, say, by copying their .bash_history file
every few minutes, or adding a shell wrapper that logs it, the way the company
I worked for did, for more than a handful of people will *bury* you.

While we're at it, though I hate it, are you using selinux?

	mark