OAC Technology
Enable logging on Linux SSH/SVN server.
Hi,
We have a Linux server that is running SVN repositories, Apache, and an SSH terminal. Is there a way to enable logging so we can see which users are accessing the SSH/Apache server, accessing/modifying/deleting files, etc., and write the logs to a file?
Thank you
ASKER
How do I use sudoers and activate logging?
Thanks
Installing sudo
yum install sudo
After sudo is installed, edit the /etc/sudoers file
and add this line:
Defaults logfile=/var/log/sudo.log
Add a user to the /etc/sudoers file to work with the sudo command.
What the sudo and su commands are: http://kb.iu.edu/data/amyi.html
Some articles about sudoers:
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch09_:_Linux_Users_and_Sudo#The_.2Fetc.2Fsudoers_File
http://edipage.wordpress.com/2008/09/30/quickly-secure-centos-5-by-enabling-sudo-disabling-root-and-limiting-access/
ASKER
This looks like it only logs actions when users use the sudo command. Is this the case? If it is, I need something that would log all normal user actions without any other commands on their part. Thanks for the help.
Yes, the sudo log will record what the user has typed in the system, but the user will have to use the sudo command.
Have you tried the link I posted, whowatch?
This information, "which users are accessing the SSH/apache server," can easily be obtained with whowatch.
But this: "accessing/modifying/deleting files, etc, and write the logs to file?" Do you want to get real-time info?
ASKER
Thank you, it looks like audit does what we need. There seems to be tons of information held in the log file and that makes it hard to read. ausearch -i works fine when searching for one file, but do you know of a log parser that would make the audit.log file easier to read as a whole?
Thanks again for all the help
Here are some log analyzers,
but I'm not sure if any of those are for audit:
http://www.linux.org/apps/all/Administration/Log_Analyzers.html
I will have a look on the net and will come back to you.
And activate logging for sudoers; it will write to that log file which users were doing what.
Also have a look at this article:
http://www.cyberciti.biz/faq/monitor-linux-user-activity-in-real-time/
which is related to this: http://www.cyberciti.biz/tips/linux-and-unix-interactive-process-and-users-monitoring-tool.html
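
Added example, not part of the original thread: for the question above about reading audit.log as a whole, this sketch merges the SYSCALL and PATH records that share an event ID into one line per event. The sample records are constructed and abbreviated, and the key "svn-watch" is a hypothetical audit rule key.

```python
import re
from datetime import datetime, timezone

# Constructed, abbreviated records in raw audit.log layout; key "svn-watch" is hypothetical.
SAMPLE = '''
type=SYSCALL msg=audit(1300000000.123:101): arch=c000003e syscall=2 success=yes exit=3 items=2 pid=2301 auid=1001 uid=1001 comm="vi" exe="/usr/bin/vi" key="svn-watch"
type=CWD msg=audit(1300000000.123:101): cwd="/srv/svn/repo1"
type=PATH msg=audit(1300000000.123:101): item=0 name="/srv/svn/repo1/conf" inode=77 nametype=PARENT
type=PATH msg=audit(1300000000.123:101): item=1 name="/srv/svn/repo1/conf/passwd" inode=78 nametype=NORMAL
type=SYSCALL msg=audit(1300000042.500:102): arch=c000003e syscall=87 success=no exit=-13 items=1 pid=2310 auid=1002 uid=1002 comm="rm" exe="/bin/rm" key="svn-watch"
type=PATH msg=audit(1300000042.500:102): item=0 name=2F7372762F73766E2F6F6C64207265706F inode=90 nametype=DELETE
'''

HEADER = re.compile(r'^type=(\S+) msg=audit\(((\d+)\.\d+:\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """auditd quotes safe strings and hex-encodes ones with spaces or control bytes."""
    if value.startswith('"'):
        return value.strip('"')
    if re.fullmatch(r'(?:[0-9A-Fa-f]{2})+', value):
        return bytes.fromhex(value).decode('utf-8', 'replace')
    return value  # for example (null)

def summarize(text):
    """Return one dict per audit event, in the order the events first appear."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # blank, truncated or foreign line
        rtype, event_id, epoch, body = m.groups()
        fields = dict(FIELD.findall(body))
        ev = events.setdefault(event_id, {'time': int(epoch), 'paths': []})
        if rtype == 'SYSCALL':
            # auid is the login UID; it stays the same after su or sudo.
            ev.update(auid=fields.get('auid'), comm=decode(fields.get('comm', '?')),
                      ok=fields.get('success') == 'yes')
        elif rtype == 'PATH' and fields.get('nametype') != 'PARENT':
            ev['paths'].append(decode(fields.get('name', '?')))
    return list(events.values())

def render(ev):
    when = datetime.fromtimestamp(ev['time'], timezone.utc).strftime('%Y-%m-%d %H:%M:%SZ')
    status = 'OK' if ev.get('ok') else 'FAILED'
    return '%s auid=%s %s %s %s' % (when, ev.get('auid'), ev.get('comm'), status, ', '.join(ev['paths']))

if __name__ == '__main__':
    for ev in summarize(SAMPLE):
        print(render(ev))
```

To run it on a real server, pass the text of /var/log/audit/audit.log (readable by root) to summarize() instead of SAMPLE.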