Tripwire?? percy > Date: Tue, 9 Jun 2009 19:32:56 +0100 > From: yousfia@xxxxxxxxx > To: redhat-list@xxxxxxxxxx > Subject: Re: users logs > > I want to get this tips for preventive reason for violating or doing > something silly like changing config files...etc. > AY. > > On Tue, Jun 9, 2009 at 7:17 PM, mark <m.roth2006@xxxxxxx> wrote: > > > Abdelkader Yousfi wrote: > > > so you mean no way for having each command hit by each users except > > getting > > > bach_history file !!! > > > because i want to get my system more secure and seeing each user what he > > > does or what he is doing in shell > > > Thx! > > > > > I am now questioning *why* you want to do this. Is this a requirement from > > management, and, if so, for what reason? Do you believe someone inside is > > grossly violating company policy, or doing corporate espionage? > > > > mark > > > On Tue, Jun 9, 2009 at 4:40 PM, mark <m.roth2006@xxxxxxx> wrote: > > > > > >> Abdelkader Yousfi wrote: > > >>> All, > > >>> > > >>> How can we know on RHEL what each users is doing on the system > > (commands, > > >>> file accessing...etc)? > > >>> Thanks! > > >> Are you talking about *every* *single* *command* (assuming we're not > > >> talking X > > >> here, but shell), or just when they issue commands with root privilege? > > >> > > >> If the latter, they should be using sudo most of the time, and then > > >> everything > > >> will be logged in /var/log/secure. > > >> > > >> If you mean the former, that's inane. They started doing that at a major > > >> corporation I worked at in '03, allegedly as part of their SOX > > >> (Sarbanes-Oxley) > > >> compliance, and it's a bad joke; it's more 'if anyone ever asks, we'll > > bury > > >> them under so much info that they'll never find what they're looking > > for". > > >> > > >> Really - what do you actually *need* to know? What are you trying to > > >> achieve? > > >> Logging everything that everyone does, say, by copying their > > .bash_history > > >> file > > >> every few minutes, or adding a shell wrapper that logs it, the way the > > >> company > > >> I worked for did, for more than a handful of people will *bury* you. > > >> > > >> While we're at it, though I hate it, are you using selinux? > > >> > > >> mark > > >> > > >> -- > > >> redhat-list mailing list > > >> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > >> https://www.redhat.com/mailman/listinfo/redhat-list > > >> > > > > > > > > > > > > > -- > > redhat-list mailing list > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > https://www.redhat.com/mailman/listinfo/redhat-list > > > > > > -- > Best Regards, > Abdelkader > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list _________________________________________________________________ Missed any of the IPL matches ? Catch a recap of all the action on MSN Videos http://msnvideos.in/iplt20/msnvideoplayer.aspx-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subjecthttps://www.redhat.com/mailman/listinfo/redhat-list
