Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Log a user's activity

Posted on 2000-03-27
7
Medium Priority
?
293 Views
Last Modified: 2010-04-20
Is there any way in which I can log a specific user's activity? I've got a user, of the group user, login name user1. I want to log everything this user types in a file only accessible by root, and (if possible) all the output this user receives.
0
Comment
Question by:washoutt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 2660800
I don't know of any built in way to do that. It sounds like you suspect this user of some sort of improper activity and if I knew a bit more about the situation I might be able to suggest alternatives.
0
 
LVL 4

Expert Comment

by:kiffney
ID: 2660952
If this is just for idle curiosity, then what you're planning to do is unethical, and if you did it to me I'd kick your ass.  If this is a security issue, you should read the Security-HOWTO at
http://howto.tucows.com/LDP/HOWTO/Security-HOWTO.html
0
 
LVL 2

Expert Comment

by:EatEmAndSmile
ID: 2661341
The file named .bash_history under the user's home directory logs everything the user types. It's the file responsible for the feature that allow you to press the up arrow and see the other command lines you've typed before, even after a shutdown. That doesn't stay in the RAM like in DOSKEY.

 So all you'd have to do is to create a script that would make a copy of that file of the user to be watched and add this script on the crontab to be run regularly. This way you'd keep an updated copy of it say every minute.

 To log the output the user get in the screen would be much harder, I really don't know how to do that. I don't think it's possible, also. But I think you can judge the user's actions from it's commands.

 Good luck!
0
Interactive Way of Training for the AWS CSA Exam

An interactive way of learning that will help you visualize core concepts so that you can be more effective when taking your AWS certification exam.  Built for students by a student to help them understand the concepts that they are being taught.

 

Expert Comment

by:ghins76
ID: 2663820
There is a superb program called "script" which gives you an entire transcript of everything that the user does.  It is part of a package called util-linux-2.9w-24. Just check it out.
0
 
LVL 2

Expert Comment

by:GP1628
ID: 2664564
Turning "history" on is a common thing for sysadmins to do if they suspect a user. The exact setting is different depending on what shell the user is using. (the last item on his line in /etc/passwd file, or doing a "fiinger" on his login may tell you) But history only shows what the person types.

If you really want to see what he gets back then you might try putting a "tee" command into his login file to pipe all of his stuff to a file and back to his console at the same time.

If he is hacking you its much easier (and more fun) to find a sniffer he leaves running and use his own snif logs against him. :-)

Gandalf  Parker
0
 

Accepted Solution

by:
hugonz earned 100 total points
ID: 2783396
If the user logs in via telnet, you can set up a telnet daemon in inetd.conf called ttysnoop

All the instructions are in /etc/inetd.conf itself. You should comment out ordinary in.telnet and uncomment this one. You are also instructed to read a man page...
0
 

Expert Comment

by:hugonz
ID: 2829247
Additional info....

Be aware that your typing into the other user's tty using ttysnoop will show on HIS/HER tty. This way you get control on his tty...

Also, they can see (if they're kinda proficient in Linux /Unix) that they can be snooped by typing
$ps aux

They'll see the in.ttysnoop (or the name of the daemon) instead of if.telnetd..anyway they're unable to tell if they're being snooped, but they can see it's enabled in the server.

Hugonz
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question