User Auditing

Marti, Robert RJM002 at shsu.edu
Thu Sep 23 14:29:35 UTC 2010


I haven't tried them, but do these track executing shell commands from inside vim or other editors?  Or other ways of running commands? (write a script, run it, delete the script)

Rob Marti

> -----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of Zbynek Vymazal
> Sent: Thursday, September 23, 2010 9:20 AM
> To: General Red Hat Linux discussion list
> Subject: RE: User Auditing
> 
> Hi Rob,
> 
> I'm logging the command history of every user to a remote syslog server. It
> requires two steps on the client side:
> 
> 1) Add the following function to /etc/profile:
> 
> function history_to_syslog
> {
>    declare command
>    command=$(fc -ln -0)
>    logger -p local7.notice -t bash -i -- $USER : $command
> }
> trap history_to_syslog DEBUG
> 
> 2) Configure the local syslog to resend logs to the remote syslog
> (/etc/syslog-ng/syslog-ng.conf):
> 
> # Send local messages to central syslog server
> 
> filter f_filter7   { facility(local7); };
> destination d_syslog_server { udp(xxx.xxx.xxx.xxx); };
> log { source(s_sys); filter(f_filter7); destination(d_syslog_server); };
> 
> Best regards,
> 
> Zbynek Vymazal
> 
> -----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of Rob DeSanno
> Sent: Thursday, September 23, 2010 15:40
> To: General Red Hat Linux discussion list
> Subject: User Auditing
> 
> This should be an easy question.
> 
> I use Logwatch on all of my RHEL servers and would like for it to also report
> on all commands that any user had typed when logged in as well.
> Something along the lines of UID: Command to give me an idea of who was
> doing what at any given period of time.
> 
> I tried using snoopy but that gave me much more than I was looking for. I'm
> now playing around with psacct and logger but was curious to know what
> everyone else out there uses to monitor user activity besides looking into
> everyone's history file.
> 
> Thanks in advance!
> ~Rob
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

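Added example, not part of the original thread: a small filter that turns the records written by the history_to_syslog hook quoted above into the "UID: Command" report the original question asks for. The log line layout, host name, users and PIDs are assumptions constructed for the example; `audit_report` and `sample_log` are hypothetical names.

```shell
#!/bin/sh
# Added example: per-user report from history_to_syslog records.
# Assumed line layout (traditional syslog format, constructed here):
#   Sep 23 09:20:01 web01 bash[4242]: rob : ls -la /etc

# audit_report: syslog lines on stdin -> one "user: command" per typed line.
audit_report() {
    awk '
    # Keep only records tagged bash[PID]: whose message is "user : command".
    $5 ~ /^bash\[[0-9]+\]:$/ && $7 == ":" {
        pid = $5
        gsub(/[^0-9]/, "", pid)
        user = $6
        # Rebuild the command text from field 8 onward.
        cmd = ""
        for (i = 8; i <= NF; i++) cmd = cmd (i > 8 ? " " : "") $i
        if (cmd == "") next
        # The DEBUG trap fires before every simple command, so a typed line
        # such as "cd /tmp; ls" is logged once per command. Collapse repeats
        # that share the same shell PID, timestamp and history entry.
        key = $3 SUBSEP cmd
        if (last[pid] == key) next
        last[pid] = key
        print user ": " cmd
    }'
}

# Constructed sample input. Only the editor launch is in bash history;
# anything started from inside the editor does not produce a record.
sample_log() {
    cat <<'EOF'
Sep 23 09:20:01 web01 bash[4242]: rob : cd /tmp; ls
Sep 23 09:20:01 web01 bash[4242]: rob : cd /tmp; ls
Sep 23 09:20:07 web01 bash[5150]: zbynek : vim /etc/hosts
Sep 23 09:20:09 web01 sshd[999]: Accepted publickey for rob
Sep 23 09:21:13 web01 bash[4242]: rob : rm -f /tmp/x.sh
EOF
}

sample_log | audit_report
```

On the central syslog server the function would be fed the file that receives the local7 messages instead of `sample_log`.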