LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 08-26-2002, 04:48 AM   #1
atlantislim
LQ Newbie
 
Registered: Aug 2002
Posts: 4

Rep: Reputation: 0
Question User action tracing


Hi all, is it possible for system admin to trace the user actions like command and date/time he/she issue?

Regards

Last edited by atlantislim; 08-26-2002 at 04:49 AM.
 
Old 08-26-2002, 01:09 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,944
Blog Entries: 54

Rep: Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731
if you want logging the command *and* time an easy way I would suggest you look into the Grsecurity kernel patch. It's got an option called Trusted Path Execution which you can switch (on|off|$UID). Quite, kewl, Grsec also has the same options (not under TPE tho) for logging all users commands in a chroot...
 
Old 08-26-2002, 02:32 PM   #3
pk21
Member
 
Registered: Jun 2002
Location: Netherlands - Amsterdam
Distribution: RedHat 9
Posts: 549

Rep: Reputation: 30
You can just check there history. But i don't think there will be any timestamps.
 
Old 08-26-2002, 05:42 PM   #4
neo77777
LQ Addict
 
Registered: Dec 2001
Location: Brooklyn, NY
Distribution: *NIX
Posts: 3,704

Rep: Reputation: 55
If you worry about users executing commands they are not supposed to execute, then play a little bit more curious admin, look under user's history what commands gets executed more often (you can strip out ls, cd, etc) and then you can setup sudo for users to execute commands and log what these commands were, who executed a particular command and when these commands were executed
 
Old 08-26-2002, 07:19 PM   #5
atlantislim
LQ Newbie
 
Registered: Aug 2002
Posts: 4

Original Poster
Rep: Reputation: 0
Cause I wanna trace who using what command on when due the my senior request(On Linux and AIX too). Except from patching the kernel, is it other external tool to do so ?

Thanks for help and suggestion

Last edited by atlantislim; 08-26-2002 at 07:20 PM.
 
Old 08-26-2002, 08:51 PM   #6
neo77777
LQ Addict
 
Registered: Dec 2001
Location: Brooklyn, NY
Distribution: *NIX
Posts: 3,704

Rep: Reputation: 55
Look at sudo. http://www.courtesan.com/sudo/
 
Old 08-26-2002, 08:57 PM   #7
neo77777
LQ Addict
 
Registered: Dec 2001
Location: Brooklyn, NY
Distribution: *NIX
Posts: 3,704

Rep: Reputation: 55
There is another method we use at work to log all the commands user might execute, we call it como, I'll ask tomorrow for a permission to get a sneak view how it is constructed, I am not sure if it is a UNIX package (the google yielded no results except Spanish web pages) or it was written by one of our developers back in 80's.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Tracing the system calls arunachalam Linux - Software 2 09-24-2005 02:41 AM
Tracing kernel compile Clementine Linux - Newbie 0 02-14-2005 01:28 PM
Tracing which user logs onto which PC kenji1903 Linux - Networking 13 09-13-2004 10:04 AM
tracing ips endezeichen Linux - Networking 6 11-27-2003 07:38 AM
Tracing and debugging ravichella Programming 4 10-30-2003 03:33 PM


All times are GMT -5. The time now is 06:20 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration