Red Hat LInux
How can I enable a log to see what people change on the server, including files, installations and configuration. Or is there an open source software for this?
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Set up and activate the auditing subsystem which is part of Linux.
Here is how to do it:
https://www.suse.com/documentation/sled10/pdfdoc/auditqs_sp2/auditqs_sp2.pdf
Although the document above states to be meant for SuSE the instructions given there will work for almost any Linux.
Here is how to do it:
https://www.suse.com/documentation/sled10/pdfdoc/auditqs_sp2/auditqs_sp2.pdf
Although the document above states to be meant for SuSE the instructions given there will work for almost any Linux.
Sudo maintains a log of what is being done. Using cvs/subversion to maintain config revisions or better still use puppet to manage server configuration from a central setup.
You need to define the scale and scope of what you are trying do.
Using syslog/rsyslog to centralize logs in one location would provide you with information after the fact.
You need to define the scale and scope of what you are trying do.
Using syslog/rsyslog to centralize logs in one location would provide you with information after the fact.
The audit logging should be configured in your system. You may give a try with pam_tty_audit module if you want to keep a track of all commands they use. You can enable this module only for a particular user, then track the commands executed by that user.
Another method would be using sudo, with sudo you get each and every commands logged into /var/log/secure file, so it's easy to track user activities.
You could also check http://people.redhat.com/sgrubb/audit/
Read (Sample for Redhat)
How can I log all the commands that are run by root? - http://kbase.redhat.com/faq/docs/DOC-9131
How can I use audit to see who changed a file in Red Hat Enterprise Linux? - http://kbase.redhat.com/faq/docs/DOC-10108
How do I configure audit to log all files opened on a system in Red Hat Enterprise Linux? - http://kbase.redhat.com/faq/docs/DOC-7428
http://tldp.org/HOWTO/Process-Accounting/
http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html
http://www.linuxjournal.com/article/6144
http://www.sudo.ws/sudo/sudoers.man.html
Another method would be using sudo, with sudo you get each and every commands logged into /var/log/secure file, so it's easy to track user activities.
You could also check http://people.redhat.com/sgrubb/audit/
Read (Sample for Redhat)
How can I log all the commands that are run by root? - http://kbase.redhat.com/faq/docs/DOC-9131
How can I use audit to see who changed a file in Red Hat Enterprise Linux? - http://kbase.redhat.com/faq/docs/DOC-10108
How do I configure audit to log all files opened on a system in Red Hat Enterprise Linux? - http://kbase.redhat.com/faq/docs/DOC-7428
http://tldp.org/HOWTO/Process-Accounting/
http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html
http://www.linuxjournal.com/article/6144
http://www.sudo.ws/sudo/sudoers.man.html
Premium Content
You need an Expert Office subscription to comment.Start Free Trial