Solved

RedHat Enterprise: how to spy on logged user (keylogger?) ???

Posted on 2006-11-06
11
590 Views
Last Modified: 2013-11-13
I'm running RedHat Enterprise Linux 3 Update 8. This is a small setup dealing with 4 workstations on a Windows environment. All users are using csh shells. I'd like to install some sort of keylogger or anything of the sort to track the users. There's only two real users: normal user and root. What I'm looking for is to find what files users are deleting through the GUI (right click, delete or delete button). Most importantly, I want to log all commands input into the terminal.

Anything I can use?
0
Comment
Question by:bantillon
11 Comments
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 17886278
Ooops ar you sure what you're doing is Legal ??
0
 

Author Comment

by:bantillon
ID: 17886348
Yes, it's completely legal. I'm on the defensive because some files were deleted without a trace. There's no knowing if they were deleted manually (point and shoot) or through the terminal and if they were even deleted on purpose or mistake. I'd like to figure this out if it happens in the future by looking at logs since nobody will fess up about deleting them. It has happened 3 times already.

To better answer your question, employees' handbook mentions about how they have no real expectation of privacy.
0
 
LVL 39

Accepted Solution

by:
noci earned 500 total points
ID: 17904718
Maybe it is better to use audit starts in RHEL 4, it might be backported to RHEL3
(audit daemon, audit package are the things to look for).
0
 

Author Comment

by:bantillon
ID: 17906285
I hope the word "spy" didn't make this question look misleading.

I'm not a big linux guru, so I don't know how I'd port that to RHEL3.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 39

Expert Comment

by:noci
ID: 17906328
You don't have to port that RH did. Just try to install the audit rpm package
through up2date etc.
0
 

Author Comment

by:bantillon
ID: 18022219
I'm sorry, but I've had quite a bit of trouble installing Audit for RHEL3. It should be pretty simple, but I gave up trying to find the right dependent RPMs just to install audit.

Anything else out there? Maybe a one-click download for Audit?
0
 
LVL 39

Expert Comment

by:noci
ID: 18023594
You need

laus

I think only a devel & libs are available. (I have no RHEL so I cant' realy tell)

It requires chkconfig & coreutils.
 
0
 
LVL 4

Expert Comment

by:joshmia2001
ID: 18058096
 Just create an alias for rm to make it mv and mv all files to to a specific folder..  Anything else is going to be a little work, although from a GUI that probably wouldn't work.  You could pay me to come set you up! :D

Joshua McDowell
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

One of the most frequently asked questions on EE in the "Windows Installer" zone is how to eliminate self-triggered installation of some product.  The problem occurs when, suddenly, whenever a certain application is launched, or even when a folder i…
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now