LinuxQuestions.org
Old 02-16-2011, 01:22 PM   #1
hmutual2
LQ Newbie
 
Registered: Feb 2011
Posts: 10

Rep: Reputation: 0
VNC Log


I was told that a user can VNC to the server as root. Is there a way to create a central log to record who, when and what was done during a VNC session?
 
Old 02-16-2011, 02:31 PM   #2
xeleema
Member
 
Registered: Aug 2005
Location: D.i.t.h.o, Texas
Distribution: Slackware 13.x, rhel3/5, Solaris 8-10(sparc), HP-UX 11.x (pa-risc)
Posts: 987
Blog Entries: 4

Rep: Reputation: 252
Greetingz!

You're not going to get a complete picture of what someone's doing thru a GUI unless every GUI-based application they launch also logs. However, here's a few things you can do;

1) Watch the VNC logs (yes, it logs, just not a whole lot)
2) Tweak their shell's history. If it's bash, here's a good article.

On a side note; why are they VNC'ing into a system as root?
If there's any way you can break the user of that behavior, I would highly recommend you do so. There's no reason for it.

If the user needs to launch a GUI-based program as root, then they can do the following;

1) Connect to the system via VNC as a regular user.
2) Open a terminal (xterm, konsole, etc), and either sudo or su to root.
3) Type "xhost +localhost" (as root), this will allow the local system to access the "local" X display.
4) Launch their GUI-based app.
NOTE: It may be worth your while to investigate why they need root-access on the system in the first place.
 
Old 02-18-2011, 10:30 AM   #3
hmutual2
LQ Newbie
 
Registered: Feb 2011
Posts: 10

Original Poster
Rep: Reputation: 0
My Linux admin keeps telling me that they need root access to administer the server. I have two questions:

1. Can they just do most tasks (updates, patches via su)?

2. If a user has root access can they delete/modify syslogs?
 
Old 02-18-2011, 10:40 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1976
you should *NEVER* run vnc as root, there's never any need. as you asked, su, or sudo, will give them the access they need. they can't do "most tasks" they can do anything. and yes they can delete logs as they can do anything. you could use sudoers to expose a subset of commands and not give full root access, but it's hard to make it watertight for much control.
 
Old 02-18-2011, 10:50 AM   #5
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,211

Rep: Reputation: 1612
It's a horrible idea to run VNC as root.

If you are interested in recording everything that a user does, you could always auto-run "Istanbul desktop recorder" when someone logs in via VNC... this will make a video of everything they do.

Disk intensive, but could be worth checking it out, depending on your needs.
 
Old 02-18-2011, 10:56 AM   #6
hmutual2
LQ Newbie
 
Registered: Feb 2011
Posts: 10

Original Poster
Rep: Reputation: 0
Ok, that's what I thought. And regarding capabilities, can it be set up that a user can only do certain tasks as a su or sudo user?

Last edited by hmutual2; 02-18-2011 at 11:16 AM.
 
Old 02-18-2011, 03:14 PM   #7
xeleema
Member
 
Registered: Aug 2005
Location: D.i.t.h.o, Texas
Distribution: Slackware 13.x, rhel3/5, Solaris 8-10(sparc), HP-UX 11.x (pa-risc)
Posts: 987
Blog Entries: 4

Rep: Reputation: 252
Quote:
Originally Posted by hmutual2
Ok, that's what I thought. And regarding capabilities, can it be set up that a user can only do certain tasks as a su or sudo user?
Quick-n-Dirty Fix:
1) Drop this VNC nonsense. I manage a few thousand servers from my one lil UNIX system.
Your "Linux Administrator" needs to run VNC as root like a surgeon needs a Machete for a scalpel.
2) Giving him appropriate sudo access means you either;
a) micro-manage every single command he will need to use (this will get very old, trust me), or
b) give him "%wheel ALL=(ALL)", which means he could just "sudo su - " then "passwd root" and lock you out of your system.

Translation:
No he doesn't need a VNC session that's launched with root permissions. That's "Windows Administrator Thinking" that is going to either cost him his job, or you a lot of time (or data loss).
He should launch a VNC session under his own username, then open an Xterm and "su -" as needed.

If he's your "Linux Administrator", you're going to have to trust him to some degree (though abuse of root access is a huge red flag for me).

Does this guy have an RHCE by chance? (I've been seeing a lot of "RHCE == MCSE" type of behavior recently....I'm wondering if there's reason to worry).

Last edited by xeleema; 02-18-2011 at 03:16 PM.
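
Added example, not part of any post in this thread: a sudoers fragment showing the broad wheel grant discussed above beside a narrow, logged grant. The account name `ladmin`, the file name, the command paths and the chosen commands are assumptions for illustration; `log_input`/`log_output` require a sudo version with I/O logging (1.7.4p4 or later).

```sudoers
# /etc/sudoers.d/admin-tasks  (hypothetical file name)
# Edit only with:  visudo -f /etc/sudoers.d/admin-tasks

# Broad grant: any member of wheel may run any command as any user,
# including a root shell, after which nothing below constrains them.
# Shown commented out for comparison.
# %wheel ALL=(ALL) ALL

# Narrow grant: only the listed commands, with exactly these arguments.
# Paths are assumptions; confirm them on the target distribution.
Cmnd_Alias UPDATES  = /usr/bin/yum update
Cmnd_Alias SERVICES = /sbin/service httpd restart, /sbin/service httpd status

# "ladmin" is a placeholder for the administrator's own login.
ladmin ALL = (root) UPDATES, SERVICES

# Who / when / what: every sudo invocation is written to syslog
# under the authpriv facility (user, tty, working dir, command).
Defaults syslog=authpriv

# Keep a replayable transcript of terminal input and output for
# each sudo session; review with sudoreplay(8).
Defaults log_input, log_output
Defaults iolog_dir=/var/log/sudo-io
```

Because a user with full root can alter local logs, as post #4 points out, the authpriv facility is only useful as an audit trail if syslog also forwards it to a separate log host that the administrator cannot log in to.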
 
  


All times are GMT -5.
