Hi folks,

I'd like to know what's the best approach to tracking down user
activity in a rhel box . My environment is a set of boxes that my
group administers and share the root password with my customers.
Obviously this approach isnt the best in terms of assessing liability,
etc :-)  so I wondered if anyone was in the same boat.

Basically I'd like to track what user issued what command, exactly
when and logged from where  (.bash_history and sudo log aren't very
useful).

On a second tought, I'd also like to log what files where accesed by a
certain user (process "foo" launched by user "bar" that read the file
"quuz" and erased file "zilch"). Apparently that's possible with a
piece of software called audit: aucat/augrep/etc ; but I'm pretty
confident it's not the audit package shipped in rhel5 -- can anybody
prove me wrong?.

Any suggestions?

Thanks

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list

Reply via email to