Solved

Software to log actions by root

Posted on 2000-04-12
6
258 Views
Last Modified: 2010-04-21
Hello,

I need to know if there is a software that is able to log down all the actions by root. I require this as I need the root access to be held accountable for any actions.

Please recommend me the tools, short description on what they do and if possible URLs on where I can find more information on them.

Thanks a million in advance.
0
Comment
Question by:heemeng
  • 3
  • 2
6 Comments
 

Accepted Solution

by:
encilar earned 150 total points
ID: 2710338
I think you don't need any third party software to handle this tracking process.  All you have to do is to let the root user to handle this task and create its own commands history.  I think all your concern is how will you going to track all of the commands that has been executed by the root.

All you have to do is to set the "history" of the root.  You can do this by adding a "set history" command to your root's .profile file.  For more info on the usage of the history command just type "man history".  And with a simple shell scripting, you can keep the command history to some other file inside your home directory.

I hope this would help you in keeping track of some of the administrative process that you are performing.
0
 

Author Comment

by:heemeng
ID: 2710663
Thanks encilar. This really exposes my lack of knowledge of Unix systems. I will follow on with your suggestions. However, I'm not too sure how to do/start what you suggested. Anyway, I'll try. In case I can't get it working, I'll post it on experts-exchange. Once again, thanks a lot.
0
 
LVL 20

Expert Comment

by:tfewster
ID: 2713737
Have a look at the "script" command as well (man script) - this will make a copy of output to the screen as well as the commands typed, so you can see what has been done within text based applications.

Unfortunatly an evil superuser can always switch these off before doing something bad...

I don't know of a way to track activity within graphical apps. unless they keep their own logs, e.g. sam (sysadmin tool in HPUX). Which Unix are you using?
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Author Comment

by:heemeng
ID: 2714349
I'll be using Solaris and Linux most likely.

Actually, I'm an IS auditor. I would need root access to verify certain compliance. However, I thought that it would be better (for me and the sysadmin) that all my actions are logged to references. That way, both of us can avoid any disputes and keep our arse clean.

But the problem is that (like you mentioned), someone can turn it off. Personally, I have no idea how but it still rankles to know that it is not a perfect solution. Sigh!

C'est la vie!
0
 
LVL 20

Expert Comment

by:tfewster
ID: 2717458
Who will watch the watchers...?

A few ideas for this situation:
- Ask the sysadm to change the password to one you know for when you need access, & change it again when you're finished. Have dates & times in writing.
- Log in as yourself & use "su -" to become root, to simplify tracking who was logged in & when from the standard logs.
- Use the "script" command to keep a log of as much as possible, so if you change something by mistake, the sysadm can reverse it. Avoid using graphical tools like "admintool", unless they keep a log (I can check for Solaris on Monday, but "man admintool" should [towards the end] tell you what files are used.
- Only become root when you absolutely have to; _Most_ "read" commands will work as a normal user, it's only if you try to change things that you need to be root.
- If you're checking up on the sysadm, have a third party with you.

Unfortunately I can STILL see ways of abusing most of these ideas... Good luck!

0
 

Author Comment

by:heemeng
ID: 2718211
Good question to ponder. Who should watch the watchers and who should watch these who watch the watchers...

Thanks tfewster for the valuable insight. Will take your advice.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

A metadevice consists of one or more devices (slices). It can be expanded by adding slices. Then, it can be grown to fill a larger space while the file system is in use. However, not all UNIX file systems (UFS) can be expanded this way. The conca…
Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now