Solved

RedHat Enterprise: how to spy on logged user (keylogger?) ???

Posted on 2006-11-06
Last Modified: 2013-11-13
I'm running RedHat Enterprise Linux 3 Update 8. This is a small setup dealing with 4 workstations on a Windows environment. All users are using csh shells. I'd like to install some sort of keylogger or anything of the sort to track the users. There are only two real users: normal user and root. What I'm looking for is to find what files users are deleting through the GUI (right click, delete or delete button). Most importantly, I want to log all commands input into the terminal.

Anything I can use?
Question by:bantillon
11 Comments
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 17886278
Ooops, are you sure what you're doing is legal??
 

Author Comment

by:bantillon
ID: 17886348
Yes, it's completely legal. I'm on the defensive because some files were deleted without a trace. There's no knowing if they were deleted manually (point and shoot) or through the terminal and if they were even deleted on purpose or mistake. I'd like to figure this out if it happens in the future by looking at logs since nobody will fess up about deleting them. It has happened 3 times already.

To better answer your question, employees' handbook mentions about how they have no real expectation of privacy.
 
LVL 40

Accepted Solution

by:
noci earned 500 total points
ID: 17904718
Maybe it is better to use audit; it starts in RHEL 4, and it might be backported to RHEL3
(audit daemon, audit package are the things to look for).
 

Author Comment

by:bantillon
ID: 17906285
I hope the word "spy" didn't make this question look misleading.

I'm not a big Linux guru, so I don't know how I'd port that to RHEL3.
 
LVL 40

Expert Comment

by:noci
ID: 17906328
You don't have to port that; RH did. Just try to install the audit rpm package
through up2date etc.
 

Author Comment

by:bantillon
ID: 18022219
I'm sorry, but I've had quite a bit of trouble installing Audit for RHEL3. It should be pretty simple, but I gave up trying to find the right dependent RPMs just to install audit.

Anything else out there? Maybe a one-click download for Audit?
 
LVL 40

Expert Comment

by:noci
ID: 18023594
You need

laus

I think only a devel & libs are available. (I have no RHEL so I can't really tell)

It requires chkconfig & coreutils.
 
 
LVL 4

Expert Comment

by:joshmia2001
ID: 18058096
Just create an alias for rm to make it mv and mv all files to a specific folder. Anything else is going to be a little work, although from a GUI that probably wouldn't work. You could pay me to come set you up! :D

Joshua McDowell