We help IT Professionals succeed at work.

RedHat Enterprise: how to spy on logged user (keylogger?) ???

Medium Priority
698 Views
Last Modified: 2013-11-13
I'm running RedHat Enterprise Linux 3 Update 8. This is a small setup dealing with 4 workstations on a Windows environment. All users are using csh shells. I'd like to install some sort of keylogger or anything of the sort to track the users. There's only two real users: normal user and root. What I'm looking for is to find what files users are deleting through the GUI (right click, delete or delete button). Most importantly, I want to log all commands input into the terminal.

Anything I can use?
Comment
Watch Question

Kerem ERSOYPresident

Commented:
Ooops ar you sure what you're doing is Legal ??

Author

Commented:
Yes, it's completely legal. I'm on the defensive because some files were deleted without a trace. There's no knowing if they were deleted manually (point and shoot) or through the terminal and if they were even deleted on purpose or mistake. I'd like to figure this out if it happens in the future by looking at logs since nobody will fess up about deleting them. It has happened 3 times already.

To better answer your question, employees' handbook mentions about how they have no real expectation of privacy.
Software Engineer
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
Maybe it is better to use audit starts in RHEL 4, it might be backported to RHEL3
(audit daemon, audit package are the things to look for).

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
I hope the word "spy" didn't make this question look misleading.

I'm not a big linux guru, so I don't know how I'd port that to RHEL3.
nociSoftware Engineer
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
You don't have to port that RH did. Just try to install the audit rpm package
through up2date etc.

Author

Commented:
I'm sorry, but I've had quite a bit of trouble installing Audit for RHEL3. It should be pretty simple, but I gave up trying to find the right dependent RPMs just to install audit.

Anything else out there? Maybe a one-click download for Audit?
nociSoftware Engineer
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
You need

laus

I think only a devel & libs are available. (I have no RHEL so I cant' realy tell)

It requires chkconfig & coreutils.
 
 Just create an alias for rm to make it mv and mv all files to to a specific folder..  Anything else is going to be a little work, although from a GUI that probably wouldn't work.  You could pay me to come set you up! :D

Joshua McDowell
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.