Root audit
David Bandel
david.bandel
Sun Jul 1 12:40:18 PDT 2007
On 7/1/07, Dirk Moolman <DirkM at agilitytech.co.za> wrote:
> -----Original Message-----
> From: linux-users-bounces at linux-sxs.org
> [mailto:linux-users-bounces at linux-sxs.org] On Behalf Of David Bandel
> Sent: 01 July 2007 06:07 PM
> To: Linux tips and tricks
> Subject: Re: Root audit
>
> On 7/1/07, Dirk Moolman <DirkM at agilitytech.co.za> wrote:
> > I need some help. I would like to audit specific accounts on my linux
> > servers. I know you can see the keyboard history, from files like
> > .bash_history, etc.
> >
> > Is it also possible to see for example, files that users updated on
> the
> > system ? ..... or if they changed network settings ?
> >
> > For example, let's say you were forced to give someone the root
> > password, and you want to trace what they did on the system - can this
> > be done ?
> >
>
>
> >Just make root run 'script' on each login. If the script file carries
> >a datetime on the suffix, several users can login as root and each
> >will have his own script file.
>
> >David A. Bandel
>
>
> Thank you, I will play around with this a bit. I see when you run
> script, it takes you into a sub-shell. I'll see if I can stick it into
> the profile before setting up the environment.
>
Look into exec. It replaces the current process (i.e., you run
everything after the exec in the new current process, not a subshell.
(similar to source for programs)
Ciao,
David A. Bandel
--
Focus on the dream, not the competition.
- Nemesis Air Racing Team motto
More information about the Linux-users
mailing list