LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)
-   -   How can I find out ANYTHING a user is doing? (https://www.linuxquestions.org/questions/linux-general-1/how-can-i-find-out-anything-a-user-is-doing-258204/)

icyfire 11-22-2004 11:45 PM
How can I find out ANYTHING a user is doing?
 
Hi all,

I'm looking for a command to find out what anything a user is doing from an ssh terminal, basically beyond the scope of w or who. I'd like to know.. say, which folder a user is viewing, what command is being executed, what files are being accessed or copied, etc. If a user is using ssh, the only process listed with w is 'sshd'. When a friend is logged in, I'd like to know exactly what they're doing. Is there a log that keeps this information, a command that will list it, or is that limited by the ssh protocol?

Thanks,

~icy

SciYro 11-23-2004 12:39 AM
the grsec patch's for the kernel include extra loging features, one you might find useful is the exec logging, basically every command executed will be recoded in the log .... makes reading a pain so you will probably want to get a log viewer

hutuworm 11-23-2004 12:58 AM
You may want to try Snare for Linux
http://www.intersectalliance.com/projects/Snare/

student04 11-24-2004 05:21 PM
you could use top and filter out one username by pressing u

Tap-Out 11-24-2004 10:02 PM
If they're not using a GUI and they are using the command line same as you are, another thing you could do to see exactially what they were up to is.

Code:

cat /home/username/.bash_history
That will tell you every command they entered, be it a cd to get to a directory, a cat to look at a file or anything they excuted.

If they are running the GUI perhaps you could install something like VNC so that you can watch them, or even take control of them if need be.

Hope that helped a bit.

Cheers

Tap :D


All times are GMT -5. The time now is 08:56 PM.