On 3/13/2014 5:32 PM, Shan, Rita wrote:
Could anyone kindly provide information on how we can monitor/log zLinux file
updates by timestamp and by user ID? We have a number of staff maintaining
zLinux system all with sudo privilege, we need to have a way to track file
updates by date/time/user-ID.
Does AIDE provides these kind of detailed level information? What kind of
overhead it will generate if we turned it on? Is there an inexpensive vendor
tool for this?
You can use the "audit" package for this. Note that once the user sudos
to root, then root will be the one logged as modifying the file.
However, sudo usage is also logged, so you might be able to correlate
the two events somehow.
Leland
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
