users logs

George Magklaras georgios at biotek.uio.no
Wed Jun 10 13:00:31 UTC 2009


I have read your request and followed a bit the rather long thread. One 
way to tackle this issue, addressing the bad folk within and beyond is 
to use an execve logger. You might find my MPhil thesis interesting:

http://folk.uio.no/georgios/papers/magklarasmphilthesis.pdf

Page 202 of the Appendix contains sample code employing an execve 
logging wrapper. What this does is to give you all the commands execv-ed 
per user ID and dump them via syslogd to a suitable location. Collecting 
shell history files is not a good idea because it might omit important 
info and a simple text file is easily erasable by someone who is serious 
about covering his tracks. A log wrapper is not immune to a skilled 
attacker determined to cover his/her tracks but it is more difficult to 
circumvent. This should give you commands and arguments.

Be warned however that on a very busy system, this can I/O starve your 
machine. In fact, I am re-writing the wrapper calls to address these issues.

Hope this helps.

-- 
George Magklaras BSc Hons MPhil
RHCE:805008309135525

Senior Computer Systems Engineer/UNIX-Linux Systems Administrator
EMBnet Technical Management Board
The Biotechnology Centre of Oslo,
University of Oslo
http://folk.uio.no/georgios

Tel: +47-22840535

--

Abdelkader Yousfi wrote:
> All,
> 
> How can we know on RHEL what each user is doing on the system (commands,
> file access, etc.)?
> Thanks!
> 
> Best Regards,
> Abdelkader Y.
> VAS & Intelligent Network Team Leader
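The execve logging wrapper George describes (every exec recorded per user ID and handed to syslogd), as an added example that is not code from the thesis or from this list. It assumes Linux/glibc and LD_PRELOAD interposition of libc's execve; the function name and record format are assumptions of this example.

```c
/* exec_logger.c: LD_PRELOAD-style execve interposer that reports every exec
 * (uid, pid, path, argv) through syslogd. Assumption: Linux/glibc.
 * Build: gcc -shared -fPIC -o exec_logger.so exec_logger.c   Use: LD_PRELOAD=./exec_logger.so bash */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Build one record: "uid=<uid> pid=<pid> exec=<path> argv=<a0> <a1> ...".
 * Bytes that could forge or split a record (controls, space, backslash) are
 * escaped as \xNN, and output is cut at outlen-4 with a "..." marker so one
 * giant command line cannot flood the log. Returns the record length. */
size_t format_exec_line(uid_t uid, pid_t pid, const char *path,
                        char *const argv[], char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    const size_t limit = outlen - 4;            /* room for "..." plus NUL */
    size_t n = (size_t)snprintf(out, outlen, "uid=%u pid=%d exec=%s argv=",
                                (unsigned)uid, (int)pid, path);
    if (n > limit) goto truncated;
    for (int i = 0; argv && argv[i]; i++) {
        if (i > 0) { if (n + 1 > limit) goto truncated; out[n++] = ' '; }
        for (const char *p = argv[i]; *p; p++) {
            unsigned char c = (unsigned char)*p;
            int esc = (c < 0x20 || c == 0x7f || c == ' ' || c == '\\');
            if (n + (esc ? 4 : 1) > limit) goto truncated;
            if (!esc) { out[n++] = (char)c; continue; }
            out[n++] = '\\'; out[n++] = 'x'; out[n++] = hex[c >> 4]; out[n++] = hex[c & 15];
        }
    }
    out[n] = '\0';
    return n;
truncated:                       /* n can exceed limit only if the header did */
    if (n > limit) n = limit;
    memcpy(out + n, "...", 4);
    return n + 3;
}

/* When preloaded this shadows libc's execve: log first (a successful exec
 * never returns), then issue the real syscall, so no dlsym lookup is needed. */
int execve(const char *path, char *const argv[], char *const envp[])
{
    char line[1024];
    format_exec_line(getuid(), getpid(), path, argv, line, sizeof line);
    syslog(LOG_AUTHPRIV | LOG_INFO, "%s", line);
    return (int)syscall(SYS_execve, path, argv, envp);
}
```

Preloading only covers dynamically linked programs that call execve through libc, so statically linked binaries and direct syscalls are the coverage gap the post alludes to. One syslog write per exec is also exactly the write load the post warns about on a busy host.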

More information about the redhat-list mailing list