On Sun, 6 Feb 2005 03:39 pm, Ricky wrote: > Hi All > > is there a way to find out what user did without .history file ? > > the user is using csh > > cheers > R
Not directly. You can imply what *might* have happened from the changes
made. Best option is to install a key-logger. We use key-loggers on all
our core *nix boxen mainly because there are a few people with root's
password (7 or 8 senior admins - the rest get sudo). Root's .history file
is a symlink to /dev/null. So we use a keylogger that sends all the
keystrokes to another machine :) Sorta like remote syslog.
Google around - there are plenty of key-loggers for different platforms and
they all have strengths and weaknesses.
Cheers,
James
--
"I do not fear computers. I fear the lack of them."
-- Isaac Asimov
pgpmBroZP7WfO.pgp
Description: PGP signature
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
