RE: User Auditing

About the disgruntled employee - not saying to monitor specific people because they might cause a problem, but monitoring root (the user that causes problems) and alerting based on possible problems would indicate a disgruntled employee. :)

Rob Marti

> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of m.roth@xxxxxxxxx
> Sent: Thursday, September 23, 2010 10:52 AM
> To: General Red Hat Linux discussion list
> Subject: RE: User Auditing
> 
> Marti, Robert wrote:
> > I'm a fan of auditing root keystrokes and shipping them off the box -
> > you can see what happens if your server gets compromised or if you
> > have a disgruntled employee by setting up alerts on the log correlation box.
> > Plus it allows a historical view of an event that bash_history doesn't
> > always - especially if the admin doesn't use a shell that has a history.
> > Auditing normal users, however, typically isn't worth it.
> >
> Ok, if you *know* you have a disgruntled employee. However, I worked at a
> place about 4 years ago that implemented command logging of *every*
> command of *every* user. Slowed the system down, visibly... and IMO,
> created a hostile work environment, telling the employees that no,
> management *did not* trust them, an attitude guaranteed to turn gruntled
> employees into disgruntled ones. <g>
> 
> You'll note I don't work there anymore (though that was for more reasons
> than just this).
> <snip>
> 
>          mark
> 
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list


