User Auditing
Georgios Magklaras
georgios at biotek.uio.no
Thu Sep 23 14:05:02 UTC 2010
On 09/23/2010 03:40 PM, Rob DeSanno wrote:
> This should be an easy question.
>
> I use Logwatch on all of my RHEL servers and would like for it to also
> report on all commands that any user had typed when logged in as well.
> Something along the lines of UID: Command to give me an idea of who was
> doing what at any given period of time.
>
> I tried using snoopy but that gave me much more than I was looking for. I'm
> now playing around with psacct and logger but was curious to know what
> everyone else out there uses to monitor user activity besides looking into
> everyone's history file.
>
> Thanks in advance!
> ~Rob

You might like to take a look at LUARM: http://luarm.sourceforge.net/

It is a new project I am heading and the idea is to target mainly what
the users are doing at file, network endpoint and process execution
level. As long as you have a good MySQL box and you are willing to
install Perl DBI/DBD MySQL, you should get what you want.

A good presentation of what the system is supposed to do and the context
is here:
http://folk.uio.no/georgios/other/Dagstuhl2010.pdf
(Documentation is under way)

Snoopy is good, but it has an inherent library dependency on the user
environment that I do not like. Psacct can introduce substantial
overhead on a busy server. Give LUARM a go and then let me know what you
think and/or issues you might face in the process of deploying it.

--
George Magklaras
Senior Systems Engineer/IT Manager
Biotek Center, University of Oslo
EMBnet TMPC Chair
http://folk.uio.no/georgios
Tel: +47 22840535