RE: users logs


 



If you're using RHEL5 you can enable bash auditing.  I don't think the same solution exists for RHEL4 (yet?).

As far as why, I've been requested to set it up for PCI compliance (since developers have access to credit card numbers, etc. without going through sudo) but all my CC handling servers are RHEL4 so... :-/

Rob Marti

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Percy Barboza
Sent: Tuesday, June 09, 2009 4:37 PM
To: General Red Hat Linux discussion list
Subject: RE: users logs


Tripwire??

percy

> Date: Tue, 9 Jun 2009 19:32:56 +0100
> From: yousfia@xxxxxxxxx
> To: redhat-list@xxxxxxxxxx
> Subject: Re: users logs
> 
> I want to get these tips for preventive reasons, for violating or doing
> something silly like changing config files, etc.
> AY.
> 
> On Tue, Jun 9, 2009 at 7:17 PM, mark <m.roth2006@xxxxxxx> wrote:
> 
> > Abdelkader Yousfi wrote:
> > > So you mean there is no way of having each command hit by each user
> > > except getting the bash_history file!!!
> > > Because I want to get my system more secure and see what each user
> > > does or what he is doing in the shell.
> > > Thx!
> > >
> > I am now questioning *why* you want to do this. Is this a requirement from
> > management, and, if so, for what reason? Do you believe someone inside is
> > grossly violating company policy, or doing corporate espionage?
> >
> >        mark
> > > On Tue, Jun 9, 2009 at 4:40 PM, mark <m.roth2006@xxxxxxx> wrote:
> > >
> > >> Abdelkader Yousfi wrote:
> > >>> All,
> > >>>
> > >>> How can we know on RHEL what each user is doing on the system (commands,
> > >>> file access, etc.)?
> > >>> Thanks!
> > >> Are you talking about *every* *single* *command* (assuming we're not
> > >> talking X here, but shell), or just when they issue commands with root
> > >> privilege?
> > >>
> > >> If the latter, they should be using sudo most of the time, and then
> > >> everything will be logged in /var/log/secure.
> > >>
> > >> If you mean the former, that's inane. They started doing that at a major
> > >> corporation I worked at in '03, allegedly as part of their SOX
> > >> (Sarbanes-Oxley) compliance, and it's a bad joke; it's more "if anyone
> > >> ever asks, we'll bury them under so much info that they'll never find
> > >> what they're looking for".
> > >>
> > >> Really - what do you actually *need* to know? What are you trying to
> > >> achieve? Logging everything that everyone does, say, by copying their
> > >> .bash_history file every few minutes, or adding a shell wrapper that logs
> > >> it, the way the company I worked for did, for more than a handful of
> > >> people will *bury* you.
> > >>
> > >> While we're at it, though I hate it, are you using selinux?
> > >>
> > >>        mark
> > >>
> > >>
> > >
> > >
> > >
> >
> >
> 
> 
> 
> -- 
> Best Regards,
> Abdelkader


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
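
Added example, not part of any message in this thread: one way to review the sudo entries that the thread says land in /var/log/secure, pulling out denied attempts and commands whose arguments name files under /etc. It assumes sudo's default syslog line format; the sample lines are constructed, and the function names and the watched path list are hypothetical.

```python
import re

# Default sudo syslog entry as it appears in /var/log/secure (assumed format).
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sudo(?:\[\d+\])?:\s+"
    r"(?P<user>\S+) : (?:(?P<note>[^;]+?) ; )?TTY=(?P<tty>\S+) ; "
    r"PWD=(?P<pwd>.*?) ; USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.*)$"
)

# Constructed sample lines (not taken from a real host).
SAMPLE = """\
Jun  9 16:40:12 web01 sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/vi /etc/httpd/conf/httpd.conf
Jun  9 16:41:03 web01 sshd[2211]: Accepted password for bob from 192.0.2.10 port 51234 ssh2
Jun  9 16:42:30 web01 sudo:      bob : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow
Jun  9 16:45:00 web01 sudo:    alice : TTY=pts/1 ; PWD=/etc ; USER=root ; COMMAND=/sbin/service httpd restart
"""


def parse_sudo(lines):
    """Yield one dict per sudo entry; non-sudo lines are skipped."""
    for line in lines:
        m = SUDO_RE.match(line.rstrip("\n"))
        if m:
            yield m.groupdict()


def review(lines, watched=("/etc/",)):
    """Return (denied, config_touch): the entries a reviewer should read first."""
    denied, config_touch = [], []
    for e in parse_sudo(lines):
        if e["note"]:  # sudo puts a reason here, e.g. "user NOT in sudoers"
            denied.append(e)
        # Only command arguments count; a PWD under /etc alone is not a hit.
        elif any(arg.startswith(watched) for arg in e["cmd"].split()[1:]):
            config_touch.append(e)
    return denied, config_touch


if __name__ == "__main__":
    denied, touched = review(SAMPLE.splitlines())
    for e in denied:
        print("DENIED", e["ts"], e["user"], e["note"], "->", e["cmd"])
    for e in touched:
        print("CONFIG", e["ts"], e["user"], "as", e["runas"], "->", e["cmd"])
```

sudo records only the command line it was asked to run, so an editor session or a root shell started through sudo shows up as a single entry with nothing of what was done inside it.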
