Quote:
Originally Posted by jaydul
I need A keylogger for for centOS server. Because it my server sometime system administrator work on my server.but they change password/delete command. I wanna monitor my server and my system admin. what he doing on my server its possible with any keylogger?
|
As stated before: if you can not trust an admin to perform requested tasks and nothing else then they should be corrected or not get access in the first place. That said what you're looking for is not a key logger but extending your auditing capabilities. First of all since the user gains root privileges you have to set up a few things before you can start logging:
- ensure you have all-encompassing, current backups (and test restoring those!),
- exfiltrate audit logging using a remote syslog server,
- implement a HIDS (like Samhain due to remote database, logging, use of inotify and continuous monitoring mode),
- a service monitor,
- install rootsh (make it log to syslog obviously), and
- ensure you have a good set of auditd rules.
With that in place, and having hired the services of a reputable sysadm, you have:
- no problem telling the admin he/she's being audited (psyops does work wonders for most),
- an almost-complete remote audit trail, and
- the means to revert any unwarranted changes (provided you possess Out of Band access ;-p).