Greetings,
On Wed, Aug 8, 2012 at 10:26 PM, Heng Su <ste.suheng@xxxxxxxxx> wrote:
> hello,
> For my server, many users can log in with root from remote through
> ssh, so I can not trace which guy do wrong things. So I decide to create
> new account for every users and let them use 'sudo' then I can trace
> which guy typed which command and what he did. However, even if I create
> new account for every user, they also can delete the history of them
> self easily.
>
> How should I do. I believe everyone encountered such things
> normally. I think there is a gracefully solution for it as I am not
> experience on server manage. So any suggestions for how to trace user
> like to write down which user did as an audit trail and let it can not
> deletable exclude root user?
Perhaps you can look at inotify, put the .bash_history on its
watchlist and then rsync the changes to a remote host.
Haven't tried it though.
HTH
--
Regards,
Rajagopal
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
