RE: users logs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tripwire??

percy

> Date: Tue, 9 Jun 2009 19:32:56 +0100
> From: yousfia@xxxxxxxxx
> To: redhat-list@xxxxxxxxxx
> Subject: Re: users logs
> 
> I want to get this tips for preventive reason for violating or doing
> something silly like changing config files...etc.
> AY.
> 
> On Tue, Jun 9, 2009 at 7:17 PM, mark <m.roth2006@xxxxxxx> wrote:
> 
> > Abdelkader Yousfi wrote:
> > > so you mean no way for having each command hit by each users except
> > getting
> > > bach_history file !!!
> > > because i want to get my system more secure and seeing each user what he
> > > does or what he is doing in shell
> > > Thx!
> > >
> > I am now questioning *why* you want to do this. Is this a requirement from
> > management, and, if so, for what reason? Do you believe someone inside is
> > grossly violating company policy, or doing corporate espionage?
> >
> >        mark
> > > On Tue, Jun 9, 2009 at 4:40 PM, mark <m.roth2006@xxxxxxx> wrote:
> > >
> > >> Abdelkader Yousfi wrote:
> > >>> All,
> > >>>
> > >>> How can we know on RHEL what each users is doing on the system
> > (commands,
> > >>> file accessing...etc)?
> > >>> Thanks!
> > >> Are you talking about *every* *single* *command* (assuming we're not
> > >> talking X
> > >> here, but shell), or just when they issue commands with root privilege?
> > >>
> > >> If the latter, they should be using sudo most of the time, and then
> > >> everything
> > >> will be logged in /var/log/secure.
> > >>
> > >> If you mean the former, that's inane. They started doing that at a major
> > >> corporation I worked at in '03, allegedly as part of their SOX
> > >> (Sarbanes-Oxley)
> > >> compliance, and it's a bad joke; it's more 'if anyone ever asks, we'll
> > bury
> > >> them under so much info that they'll never find what they're looking
> > for".
> > >>
> > >> Really - what do you actually *need* to know? What are you trying to
> > >> achieve?
> > >> Logging everything that everyone does, say, by copying their
> > .bash_history
> > >> file
> > >> every few minutes, or adding a shell wrapper that logs it, the way the
> > >> company
> > >> I worked for did, for more than a handful of people will *bury* you.
> > >>
> > >> While we're at it, though I hate it, are you using selinux?
> > >>
> > >>        mark
> > >>
> > >> --
> > >> redhat-list mailing list
> > >> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > >> https://www.redhat.com/mailman/listinfo/redhat-list
> > >>
> > >
> > >
> > >
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> 
> 
> 
> -- 
> Best Regards,
> Abdelkader
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

_________________________________________________________________
Missed any of the IPL matches ? Catch a recap of all the action on MSN Videos
http://msnvideos.in/iplt20/msnvideoplayer.aspx-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subjecthttps://www.redhat.com/mailman/listinfo/redhat-list


[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux