Track user activity on UNIX

Posted on 2012-08-28
Last Modified: 2012-09-01
Hello experts,
i have a user that deleted work files saved on a shared folder on our system.
is there any way to access a log the provided information that would prove that they deleted these files?
Question by:dina78
    LVL 40

    Expert Comment

    what is the OS?

    If the user is using ksh or bash then you could look at commands history in their home dir:

    kash: ~/.sh_history

    bash: ~/.bash_history
    LVL 6

    Expert Comment

    if you have auditing enabled, you can probably find the exact details in there...
    but, how it's configured would depend on which os flavor you're using.
    LVL 25

    Accepted Solution

    The audit logging should be configured in your system. You may give a try with pam_tty_audit module if you want to keep a track of all commands they use. You can enable this module only for a particular user, then track the commands executed by that user.  

    Another method would be using sudo, with sudo you get each and every commands logged into /var/log/secure file, so it's easy to track user activities.  

    You could also check

    Read (Sample for Redhat)
    How can I log all the commands that are run by root? -
    How can I use audit to see who changed a file in Red Hat Enterprise Linux? -
    How do I configure audit to log all files opened on a system in Red Hat Enterprise Linux? -

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Suggested Solutions

    I promised to write further about my project, and here I am.  First, I needed to setup the Primary Server.  You can read how in this article: Setup FreeBSD Server with full HDD encryption (…
    Java performance on Solaris - Managing CPUs There are various resource controls in operating system which directly/indirectly influence the performance of application. one of the most important resource controls is "CPU".   In a multithreaded…
    This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
    In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now