I have read your request and followed a bit the rather long thread. One
way to tackle this issue, addressing the bad folk within and beyond is
to use an execve logger. You might find my MPhil thesis interesting:
http://folk.uio.no/georgios/papers/magklarasmphilthesis.pdf
Page 202 of the Appendix contains sample code employing an execve
logging wrapper. What this does is to give you all the commands execv-ed
per user ID and dump them via syslogd to a suitable location. Collecting
shell history files is not a good idea because it might omit important
info and a simple text file is easily erasable by someone who is serious
about covering his tracks. A log wrapper is not immune to a skilled
attacker determined to cover his/her tracks but it is more difficult to
circumvent. This should give you commands and arguments.
Be warned however that on a very busy system, this can I/O starve your
machine. In fact, I am re-writing the wrapper calls to address these issues.
Hope this helps.
--
--
George Magklaras BSc Hons MPhil
RHCE:805008309135525
Senior Computer Systems Engineer/UNIX-Linux Systems Administrator
EMBnet Technical Management Board
The Biotechnology Centre of Oslo,
University of Oslo
http://folk.uio.no/georgios
Tel: +47-22840535
--
Abdelkader Yousfi wrote:
All,
How can we know on RHEL what each users is doing on the system (commands,
file accessing...etc)?
Thanks!
Best Regards,
Abdelkader Y.
VAS & Intelligent Network Team Leader
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
