Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

RedHat Enterprise: how to spy on logged user (keylogger?) ???

Posted on 2006-11-06
11
Medium Priority
?
632 Views
Last Modified: 2013-11-13
I'm running RedHat Enterprise Linux 3 Update 8. This is a small setup dealing with 4 workstations on a Windows environment. All users are using csh shells. I'd like to install some sort of keylogger or anything of the sort to track the users. There's only two real users: normal user and root. What I'm looking for is to find what files users are deleting through the GUI (right click, delete or delete button). Most importantly, I want to log all commands input into the terminal.

Anything I can use?
0
Comment
Question by:bantillon
11 Comments
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 17886278
Ooops ar you sure what you're doing is Legal ??
0
 

Author Comment

by:bantillon
ID: 17886348
Yes, it's completely legal. I'm on the defensive because some files were deleted without a trace. There's no knowing if they were deleted manually (point and shoot) or through the terminal and if they were even deleted on purpose or mistake. I'd like to figure this out if it happens in the future by looking at logs since nobody will fess up about deleting them. It has happened 3 times already.

To better answer your question, employees' handbook mentions about how they have no real expectation of privacy.
0
 
LVL 40

Accepted Solution

by:
noci earned 2000 total points
ID: 17904718
Maybe it is better to use audit starts in RHEL 4, it might be backported to RHEL3
(audit daemon, audit package are the things to look for).
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:bantillon
ID: 17906285
I hope the word "spy" didn't make this question look misleading.

I'm not a big linux guru, so I don't know how I'd port that to RHEL3.
0
 
LVL 40

Expert Comment

by:noci
ID: 17906328
You don't have to port that RH did. Just try to install the audit rpm package
through up2date etc.
0
 

Author Comment

by:bantillon
ID: 18022219
I'm sorry, but I've had quite a bit of trouble installing Audit for RHEL3. It should be pretty simple, but I gave up trying to find the right dependent RPMs just to install audit.

Anything else out there? Maybe a one-click download for Audit?
0
 
LVL 40

Expert Comment

by:noci
ID: 18023594
You need

laus

I think only a devel & libs are available. (I have no RHEL so I cant' realy tell)

It requires chkconfig & coreutils.
 
0
 
LVL 4

Expert Comment

by:joshmia2001
ID: 18058096
 Just create an alias for rm to make it mv and mv all files to to a specific folder..  Anything else is going to be a little work, although from a GUI that probably wouldn't work.  You could pay me to come set you up! :D

Joshua McDowell
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses
Course of the Month9 days, 22 hours left to enroll

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question