User Auditing
Marti, Robert
RJM002 at shsu.edu
Thu Sep 23 14:29:35 UTC 2010
I haven't tried them, but do these track executing shell commands from inside vim or other editors? Or other ways of running commands? (write a script, run it, delete the script)
Rob Marti
> -----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:redhat-list-
> bounces at redhat.com] On Behalf Of Zbynek Vymazal
> Sent: Thursday, September 23, 2010 9:20 AM
> To: General Red Hat Linux discussion list
> Subject: RE: User Auditing
>
> Hi Rob,
>
> I'm logging the command history of every user to a remote syslog server. It
> requires two steps on the client side:
>
> 1) Add the following function to /etc/profile:
>
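> function history_to_syslog
> {
>     declare command
>     # Most recent history entry, i.e. the command line being run
>     command=$(fc -ln -0)
>     # Quote the message so globs and whitespace are logged as typed
>     logger -p local7.notice -t bash -i -- "$USER : $command"
> }
> # Run the function before every simple command
> trap history_to_syslog DEBUG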
>
> 2) Configure the local syslog to resend logs to the remote syslog
> (/etc/syslog-ng/syslog-ng.conf):
>
> # Send local messages to central syslog server
>
> filter f_filter7 { facility(local7); };
> destination d_syslog_server { udp(xxx.xxx.xxx.xxx); };
> log { source(s_sys); filter(f_filter7); destination(d_syslog_server); };
>
> Best regards,
>
> Zbynek Vymazal
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:redhat-list-
> bounces at redhat.com] On Behalf Of Rob DeSanno
> Sent: Thursday, September 23, 2010 15:40
> To: General Red Hat Linux discussion list
> Subject: User Auditing
>
> This should be an easy question.
>
> I use Logwatch on all of my RHEL servers and would like for it to also report
> on all commands that any user had typed when logged in as well.
> Something along the lines of UID: Command to give me an idea of who was
> doing what at any given period of time.
>
> I tried using snoopy but that gave me much more than I was looking for. I'm
> now playing around with psacct and logger but was curious to know what
> everyone else out there uses to monitor user activity besides looking into
> everyone's history file.
>
> Thanks in advance!
> ~Rob
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
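
Added example, not part of any message in this thread: a report over the lines that the history_to_syslog function quoted above sends to syslog, printed in the "UID: Command" shape the original question asks for. The log line layout (traditional "Mon DD HH:MM:SS host bash[PID]: USER : COMMAND"), the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise history_to_syslog lines as "time host user: command".
# Assumed line shape (traditional syslog file format):
#   Mon DD HH:MM:SS host bash[PID]: USER : COMMAND

history_report() {
    # Reads syslog lines on stdin, prints one report line per logged command.
    awk '
    {
        # Locate the "bash[PID]: " tag written by "logger -t bash -i".
        if (!match($0, / bash\[[0-9]+\]: /)) next
        ts = $3; host = $4
        msg = substr($0, RSTART + RLENGTH)

        # Message body is "USER : COMMAND"; split on the first " : " only,
        # because the command itself may contain " : ".
        sep = index(msg, " : ")
        if (sep == 0) next
        user = substr(msg, 1, sep - 1)
        cmd  = substr(msg, sep + 3)

        # fc -ln prints leading whitespace before the command; trim both ends.
        sub(/^[ \t]+/, "", cmd)
        sub(/[ \t]+$/, "", cmd)
        if (cmd == "") next

        # The DEBUG trap fires before every simple command, so "cd /tmp; ls"
        # is logged twice with the same text. Drop consecutive repeats per
        # host and user.
        key = host SUBSEP user
        if (last[key] == cmd) next
        last[key] = cmd

        printf "%s %s %s: %s\n", ts, host, user, cmd
    }'
}

# Constructed sample input (not real log data).
sample_log() {
    printf 'Sep 23 09:20:11 web01 bash[4211]: alice : \t ls -la /var/log\n'
    printf 'Sep 23 09:20:15 web01 bash[4215]: alice : \t cd /tmp; ls\n'
    printf 'Sep 23 09:20:15 web01 bash[4217]: alice : \t cd /tmp; ls\n'
    printf 'Sep 23 09:21:02 web01 bash[4302]: bob : \t echo a : b\n'
    printf 'Sep 23 09:21:30 web01 sshd[4400]: Accepted publickey for bob\n'
}

sample_log | history_report
```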