User Auditing

[Marti, Robert]

About the disgruntled employee - not saying to monitor specific people because they might cause a problem, but monitoring root (the user that causes problems) and alerting based on possible problems would indicate a disgruntled employee. :)

Rob Marti

> -----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:redhat-list-
> bounces at redhat.com] On Behalf Of m.roth at 5-cent.us
> Sent: Thursday, September 23, 2010 10:52 AM
> To: General Red Hat Linux discussion list
> Subject: RE: User Auditing
> 
> Marti, Robert wrote:
> > I'm a fan of auditing root keystrokes and shipping them off the box -
> > you can see what happens if your server gets compromised or if you
> > have a disgruntled employee by setting up alerts on the log correlation box.
> > Plus it allows a historical view of an event that bash_history doesn't
> > always - especially if the admin doesn't use a shell that has a history.
> > Auditing normal users, however, typically isn't worth it.
> >
> Ok, if you *know* you have a disgruntled employee. However, I worked at a
> place about 4 years ago that implemented command logging of *every*
> command of *every* user. Slowed the system down, visibly... and IMO,
> created a hostile work environment, telling the employees that no,
> management *did not* trust them, an attitude guaranteed to turn gruntled
> employees into disgruntled ones. <g>
> 
> You'll note I don't work there anymore (though that was for more reasons
> than just this).
> <snip>
> 
>          mark
> 
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list