Logging all the user activities, and commands

A_HASSAN asked:
Hi All,
   I want to create some sort of audit log to audit the users' activities and the commands they are entering on a Sun Solaris system (V.8.0), and generate an audit log for it. On the other hand, the user should not have the privilege to disable the logging of his activity.
    I hope to find a clue soon, as that is threatening my system.
 
yuzh commented:
You can use "bsmconv" -- BSM (Basic Security Module) auditing. It is installed on your system but disabled by default; all you need to do is configure and enable it. Once you get it running, you can check all the users' command history (e.g. use "lastcomm").
man bsmconv
man lastcomm

to learn more details.
http://www.boran.com/security/sp/Solaris_bsm.html
http://docs.sun.com     -- Search for BSM


and
http:Q_10058861.html
 
ahnberg commented:
Please study the document published at the following URL to learn about system accounting using Solaris 8.

http://docs.sun.com/app/docs/doc/805-7229/6j6q8svga?a=view
 
root_start commented:
Hi A_HASSAN,

Try reading about it in the Sun man pages for audit: man audit
There you are going to find some information about the audit command and also other commands.
From Man pages:
=================================================================
SEE ALSO
     bsmconv(1M),   praudit(1M),   audit(2),    audit_control(4),
     audit_user(4), attributes(5)
=================================================================

Also, if you really want to know how audit works in Unix systems, you can check the following link: http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1004976,00.html

In the following link you will find out how to set up audit: http://docs.sun.com/app/docs/doc/805-8057?q=Audit+trail

I hope it helps you. =0)
Question has a verified solution.
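
An added example, not part of any post above or of Sun's tooling: a portable sh check that the BSM files named in the man page excerpt, audit_control(4) and audit_user(4), audit logins (lo) and command execution (ex) for every account, which is what the question asks for. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint BSM files against the goal in the question, i.e.
# logins (lo) and executed commands (ex) are audited for every account.
# Formats per audit_control(4) and audit_user(4); names are illustrative.

# has_class FLAGS CLASS: true if CLASS is audited on success in a
# comma-separated list. "-ex" is failure-only and "^ex" turns ex off.
has_class() {
    for f in $(printf '%s' "$1" | tr ',' ' '); do
        case "$f" in
            "$2"|"+$2"|all|+all) return 0 ;;
        esac
    done
    return 1
}

# check_control FILE: report classes missing from the system-wide flags: line.
check_control() {
    flags=$(sed -n 's/^flags:[[:space:]]*//p' "$1" | head -n 1)
    rc=0
    for c in lo ex; do
        has_class "$flags" "$c" || { echo "flags: lacks class $c"; rc=1; }
    done
    return $rc
}

# exempt_users FILE: print accounts whose never-audit field (3rd field)
# removes lo, ex or all, so they escape the system-wide flags.
exempt_users() {
    grep -v '^#' "$1" | while IFS=: read -r user always never; do
        for c in lo ex; do
            if has_class "$never" "$c"; then echo "$user"; break; fi
        done
    done
}

# Constructed sample files, not taken from a real host.
d=$(mktemp -d)
printf 'dir:/var/audit\nflags:lo,-ex\nminfree:20\nnaflags:lo\n' > "$d/audit_control"
printf 'root:lo:no\nalice:ex:\nbob:lo:ex\n' > "$d/audit_user"
check_control "$d/audit_control" || echo "audit_control needs fixing"
echo "exempt from auditing: $(exempt_users "$d/audit_user" | tr '\n' ' ')"
rm -rf "$d"
```

On the Solaris host the files to check are /etc/security/audit_control and /etc/security/audit_user. Command arguments are recorded only when the argv policy is set with auditconfig -setpolicy +argv.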
