Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Software to log actions by root

Posted on 2000-04-12
6
Medium Priority
?
268 Views
Last Modified: 2010-04-21
Hello,

I need to know if there is a software that is able to log down all the actions by root. I require this as I need the root access to be held accountable for any actions.

Please recommend me the tools, short description on what they do and if possible URLs on where I can find more information on them.

Thanks a million in advance.
0
Comment
Question by:heemeng
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 

Accepted Solution

by:
encilar earned 600 total points
ID: 2710338
I think you don't need any third party software to handle this tracking process.  All you have to do is to let the root user to handle this task and create its own commands history.  I think all your concern is how will you going to track all of the commands that has been executed by the root.

All you have to do is to set the "history" of the root.  You can do this by adding a "set history" command to your root's .profile file.  For more info on the usage of the history command just type "man history".  And with a simple shell scripting, you can keep the command history to some other file inside your home directory.

I hope this would help you in keeping track of some of the administrative process that you are performing.
0
 

Author Comment

by:heemeng
ID: 2710663
Thanks encilar. This really exposes my lack of knowledge of Unix systems. I will follow on with your suggestions. However, I'm not too sure how to do/start what you suggested. Anyway, I'll try. In case I can't get it working, I'll post it on experts-exchange. Once again, thanks a lot.
0
 
LVL 21

Expert Comment

by:tfewster
ID: 2713737
Have a look at the "script" command as well (man script) - this will make a copy of output to the screen as well as the commands typed, so you can see what has been done within text based applications.

Unfortunatly an evil superuser can always switch these off before doing something bad...

I don't know of a way to track activity within graphical apps. unless they keep their own logs, e.g. sam (sysadmin tool in HPUX). Which Unix are you using?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:heemeng
ID: 2714349
I'll be using Solaris and Linux most likely.

Actually, I'm an IS auditor. I would need root access to verify certain compliance. However, I thought that it would be better (for me and the sysadmin) that all my actions are logged to references. That way, both of us can avoid any disputes and keep our arse clean.

But the problem is that (like you mentioned), someone can turn it off. Personally, I have no idea how but it still rankles to know that it is not a perfect solution. Sigh!

C'est la vie!
0
 
LVL 21

Expert Comment

by:tfewster
ID: 2717458
Who will watch the watchers...?

A few ideas for this situation:
- Ask the sysadm to change the password to one you know for when you need access, & change it again when you're finished. Have dates & times in writing.
- Log in as yourself & use "su -" to become root, to simplify tracking who was logged in & when from the standard logs.
- Use the "script" command to keep a log of as much as possible, so if you change something by mistake, the sysadm can reverse it. Avoid using graphical tools like "admintool", unless they keep a log (I can check for Solaris on Monday, but "man admintool" should [towards the end] tell you what files are used.
- Only become root when you absolutely have to; _Most_ "read" commands will work as a normal user, it's only if you try to change things that you need to be root.
- If you're checking up on the sysadm, have a third party with you.

Unfortunately I can STILL see ways of abusing most of these ideas... Good luck!

0
 

Author Comment

by:heemeng
ID: 2718211
Good question to ponder. Who should watch the watchers and who should watch these who watch the watchers...

Thanks tfewster for the valuable insight. Will take your advice.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A metadevice consists of one or more devices (slices). It can be expanded by adding slices. Then, it can be grown to fill a larger space while the file system is in use. However, not all UNIX file systems (UFS) can be expanded this way. The conca…
I promised to write further about my project, and here I am.  First, I needed to setup the Primary Server.  You can read how in this article: Setup FreeBSD Server with full HDD encryption (http://www.experts-exchange.com/OS/Unix/BSD/FreeBSD/A_3660-S…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question