Solved

Red Hat LInux

Posted on 2012-12-31
3
513 Views
Last Modified: 2013-01-20
How can I enable a log to see what people change on the server, including files, installations and configuration.  Or is there an open source software for this?
0
Comment
Question by:Jack_son_
3 Comments
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 167 total points
ID: 38732922
Set up and activate the auditing subsystem which is part of Linux.

Here is how to do it:

https://www.suse.com/documentation/sled10/pdfdoc/auditqs_sp2/auditqs_sp2.pdf

Although the document above states to be meant for SuSE the instructions given there will work for almost any Linux.
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 166 total points
ID: 38733256
Sudo maintains a log of what is being done.  Using cvs/subversion to maintain config revisions or better still use puppet to manage server configuration from a central setup.
You need to define the scale and scope of what you are trying do.
Using syslog/rsyslog to centralize logs in one location would provide you with information after the fact.
0
 
LVL 25

Accepted Solution

by:
madunix earned 167 total points
ID: 38738984
The audit logging should be configured in your system. You may give a try with pam_tty_audit module if you want to keep a track of all commands they use. You can enable this module only for a particular user, then track the commands executed by that user.  

Another method would be using sudo, with sudo you get each and every commands logged into /var/log/secure file, so it's easy to track user activities.  

You could also check http://people.redhat.com/sgrubb/audit/

Read (Sample for Redhat)
How can I log all the commands that are run by root? - http://kbase.redhat.com/faq/docs/DOC-9131
How can I use audit to see who changed a file in Red Hat Enterprise Linux? - http://kbase.redhat.com/faq/docs/DOC-10108
How do I configure audit to log all files opened on a system in Red Hat Enterprise Linux? - http://kbase.redhat.com/faq/docs/DOC-7428
http://tldp.org/HOWTO/Process-Accounting/
http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html
http://www.linuxjournal.com/article/6144
http://www.sudo.ws/sudo/sudoers.man.html
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Adding more CPU cores to a Linux VM 5 93
Run DOS2UNIX and then execute the command 21 70
centos commands 6 48
Run Secure WMI query from CentOS 5 24
I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now