users logs

Marti, Rob RJM002 at shsu.edu
Tue Jun 9 21:42:44 UTC 2009


If you're using RHEL5 you can enable bash auditing.  I don't think the same solution exists for RHEL4 (yet?).

As far as why, I've been requested to set it up for PCI compliance (since developers have access to credit card numbers, etc. without going through sudo) but all my CC handling servers are RHEL4 so... :-/

Rob Marti

-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of Percy Barboza
Sent: Tuesday, June 09, 2009 4:37 PM
To: General Red Hat Linux discussion list
Subject: RE: users logs


Tripwire??

percy

> Date: Tue, 9 Jun 2009 19:32:56 +0100
> From: yousfia at gmail.com
> To: redhat-list at redhat.com
> Subject: Re: users logs
> 
> I want to get these tips for preventive reasons, against violating or doing
> something silly like changing config files, etc.
> AY.
> 
> On Tue, Jun 9, 2009 at 7:17 PM, mark <m.roth2006 at rcn.com> wrote:
> 
> > Abdelkader Yousfi wrote:
> > > So you mean there is no way of having each command hit by each user except
> > > getting the bash_history file!!!
> > > Because I want to make my system more secure and see what each user
> > > does or is doing in the shell.
> > > Thx!
> > >
> > I am now questioning *why* you want to do this. Is this a requirement from
> > management, and, if so, for what reason? Do you believe someone inside is
> > grossly violating company policy, or doing corporate espionage?
> >
> >        mark
> > > On Tue, Jun 9, 2009 at 4:40 PM, mark <m.roth2006 at rcn.com> wrote:
> > >
> > >> Abdelkader Yousfi wrote:
> > >>> All,
> > >>>
> > >>> How can we know on RHEL what each user is doing on the system (commands,
> > >>> file access, etc.)?
> > >>> Thanks!
> > >> Are you talking about *every* *single* *command* (assuming we're not talking
> > >> X here, but shell), or just when they issue commands with root privilege?
> > >>
> > >> If the latter, they should be using sudo most of the time, and then everything
> > >> will be logged in /var/log/secure.
> > >>
> > >> If you mean the former, that's inane. They started doing that at a major
> > >> corporation I worked at in '03, allegedly as part of their SOX (Sarbanes-Oxley)
> > >> compliance, and it's a bad joke; it's more "if anyone ever asks, we'll bury
> > >> them under so much info that they'll never find what they're looking for".
> > >>
> > >> Really - what do you actually *need* to know? What are you trying to achieve?
> > >> Logging everything that everyone does, say, by copying their .bash_history file
> > >> every few minutes, or adding a shell wrapper that logs it, the way the company
> > >> I worked for did, for more than a handful of people will *bury* you.
> > >>
> > >> While we're at it, though I hate it, are you using selinux?
> > >>
> > >>        mark
> > >>
> > >> --
> > >> redhat-list mailing list
> > >> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > >> https://www.redhat.com/mailman/listinfo/redhat-list
> > >>
> > >
> > >
> > >
> >
> >
> 
> 
> 
> -- 
> Best Regards,
> Abdelkader

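The sudo records that mark's quoted reply says end up in /var/log/secure can be reduced to the events worth reading, which speaks to both the "changing config files" concern and the risk of being buried in logs. This is an added example, not part of the thread: the log lines are constructed in sudo's syslog format, and the function names and the /etc filter are assumptions chosen for illustration.

```python
import re

# Constructed sample lines in the syslog format sudo writes to /var/log/secure.
SAMPLE = """\
Jun  9 16:01:12 db01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/vi /etc/httpd/conf/httpd.conf
Jun  9 16:03:40 db01 sshd[2211]: Accepted publickey for bob from 192.0.2.10 port 50514 ssh2
Jun  9 16:05:02 db01 sudo:      bob : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/sbin/service httpd restart
Jun  9 16:07:55 db01 sudo:    carol : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/cat /etc/shadow
Jun  9 16:09:30 db01 sudo:    alice : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/bin/cp sshd_config /etc/ssh/sshd_config
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sudo(?:\[\d+\])?:\s+"
                  r"(?P<user>\S+) : (?P<rest>.*COMMAND=.*)$")
FIELDS = {"TTY": "tty", "PWD": "pwd", "USER": "runas"}

def parse_sudo(text):
    """Return one dict per sudo event; all other log lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        head, _, command = m.group("rest").partition("COMMAND=")
        event = {"ts": m.group("ts"), "user": m.group("user"),
                 "command": command, "denied": None}
        for part in filter(None, (p.strip() for p in head.split(" ; "))):
            key, sep, val = part.partition("=")
            if sep and key in FIELDS:
                event[FIELDS[key]] = val
            else:
                event["denied"] = part  # e.g. "user NOT in sudoers"
        events.append(event)
    return events

def review(text):
    """Split events into refused attempts and allowed commands naming /etc paths."""
    events = parse_sudo(text)
    denied = [e for e in events if e["denied"]]
    changes = [e for e in events if not e["denied"]
               and any(a.startswith("/etc/") for a in e["command"].split())]
    return denied, changes

if __name__ == "__main__":
    denied, changes = review(SAMPLE)
    for e in denied:
        print("DENIED", e["ts"], e["user"], e["denied"], "->", e["command"])
    for e in changes:
        print("CONFIG", e["ts"], e["user"], "as", e.get("runas"), "->", e["command"])
```

To use it on a real host, pass the contents of /var/log/secure (readable by root) to `review()`.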



