Hi folks, I'd like to know what's the best approach to tracking down user activity in a rhel box . My environment is a set of boxes that my group administers and share the root password with my customers. Obviously this approach isnt the best in terms of assessing liability, etc :-) so I wondered if anyone was in the same boat.
Basically I'd like to track what user issued what command, exactly when and logged from where (.bash_history and sudo log aren't very useful). On a second tought, I'd also like to log what files where accesed by a certain user (process "foo" launched by user "bar" that read the file "quuz" and erased file "zilch"). Apparently that's possible with a piece of software called audit: aucat/augrep/etc ; but I'm pretty confident it's not the audit package shipped in rhel5 -- can anybody prove me wrong?. Any suggestions? Thanks _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
