Solved

Track user activity on UNIX

Posted on 2012-08-28
Last Modified: 2012-09-01
Hello experts,
I have a user that deleted work files saved on a shared folder on our system.
Is there any way to access a log that provides information that would prove that they deleted these files?
Question by:dina78
3 Comments
 
LVL 40

Expert Comment

by:omarfarid
ID: 38339998
What is the OS?

If the user is using ksh or bash then you could look at the command history in their home dir:

ksh: ~/.sh_history

bash: ~/.bash_history
0
 
LVL 6

Expert Comment

by:Tomunique
ID: 38344471
If you have auditing enabled, you can probably find the exact details in there...
but how it's configured would depend on which OS flavor you're using.
0
 
LVL 25

Accepted Solution

by:
madunix earned 2000 total points
ID: 38358235
Audit logging should be configured on your system. You may give the pam_tty_audit module a try if you want to keep track of all commands they use. You can enable this module only for a particular user, then track the commands executed by that user.

Another method would be using sudo; with sudo you get each and every command logged into the /var/log/secure file, so it's easy to track user activities.

You could also check http://people.redhat.com/sgrubb/audit/

Read (Sample for Redhat)
How can I log all the commands that are run by root? - http://kbase.redhat.com/faq/docs/DOC-9131
How can I use audit to see who changed a file in Red Hat Enterprise Linux? - http://kbase.redhat.com/faq/docs/DOC-10108
How do I configure audit to log all files opened on a system in Red Hat Enterprise Linux? - http://kbase.redhat.com/faq/docs/DOC-7428
0
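An added example, not part of the original thread: once an audit watch is in place on the shared folder, each deletion is recorded as a group of records sharing one event ID, and the parser below ties every deleted path back to the login UID that caused it. The watch path `/srv/shared`, the key `shared-delete` and the log records are constructed for illustration, and the syscall numbers assume x86_64.

```python
import re
from collections import defaultdict

# Constructed, simplified sample of /var/log/audit/audit.log records, as a
# watch rule such as `auditctl -w /srv/shared -p wa -k shared-delete` would
# produce (the path and key name are assumptions, not from the thread).
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1346150000.123:4242): arch=c000003e syscall=87 success=yes exit=0 items=2 pid=2050 auid=1001 uid=0 tty=pts1 comm="rm" exe="/bin/rm" key="shared-delete"
type=CWD msg=audit(1346150000.123:4242): cwd="/srv/shared"
type=PATH msg=audit(1346150000.123:4242): item=0 name="/srv/shared" nametype=PARENT
type=PATH msg=audit(1346150000.123:4242): item=1 name="report.xls" nametype=DELETE
type=SYSCALL msg=audit(1346150055.410:4250): arch=c000003e syscall=263 success=no exit=-13 items=1 pid=2101 auid=1002 uid=1002 tty=pts2 comm="rm" exe="/bin/rm" key="shared-delete"
type=PATH msg=audit(1346150055.410:4250): item=0 name="/srv/shared/budget.doc" nametype=DELETE
'''

UNLINK_SYSCALLS = {"87", "263"}  # unlink, unlinkat on x86_64
HEADER = re.compile(r'type=(\S+) msg=audit\(([\d.]+):(\d+)\): (.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def deletions(log_text):
    """Return one dict per successfully deleted path found in the log."""
    events = defaultdict(lambda: {"paths": []})
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        ev = events[(ts, serial)]  # records of one event share timestamp:serial
        ev["time"] = float(ts)
        if rtype == "SYSCALL":
            ev["syscall"] = fields
        elif rtype == "CWD":
            ev["cwd"] = fields["cwd"]
        elif rtype == "PATH" and fields.get("nametype") == "DELETE":
            ev["paths"].append(fields["name"])
    found = []
    for ev in events.values():
        sc = ev.get("syscall", {})
        if sc.get("syscall") not in UNLINK_SYSCALLS or sc.get("success") != "yes":
            continue  # skip other syscalls and failed attempts
        for name in ev["paths"]:
            if not name.startswith("/"):  # relative names resolve against CWD
                name = ev.get("cwd", "?").rstrip("/") + "/" + name
            # auid is the login UID: it stays fixed across su/sudo, uid does not
            found.append({"time": ev["time"], "auid": sc["auid"], "uid": sc["uid"],
                          "exe": sc["exe"], "path": name})
    return found
```

On a live system `ausearch -k shared-delete -i` gives the same view with UIDs and syscall numbers translated to names; auditing only records events that happen after the rule is loaded.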
