Solved

Red Hat LInux

Posted on 2012-12-31
3
505 Views
Last Modified: 2013-01-20
How can I enable a log to see what people change on the server, including files, installations and configuration.  Or is there an open source software for this?
0
Comment
Question by:Jack_son_
3 Comments
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 167 total points
ID: 38732922
Set up and activate the auditing subsystem which is part of Linux.

Here is how to do it:

https://www.suse.com/documentation/sled10/pdfdoc/auditqs_sp2/auditqs_sp2.pdf

Although the document above states to be meant for SuSE the instructions given there will work for almost any Linux.
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 166 total points
ID: 38733256
Sudo maintains a log of what is being done.  Using cvs/subversion to maintain config revisions or better still use puppet to manage server configuration from a central setup.
You need to define the scale and scope of what you are trying do.
Using syslog/rsyslog to centralize logs in one location would provide you with information after the fact.
0
 
LVL 25

Accepted Solution

by:
madunix earned 167 total points
ID: 38738984
The audit logging should be configured in your system. You may give a try with pam_tty_audit module if you want to keep a track of all commands they use. You can enable this module only for a particular user, then track the commands executed by that user.  

Another method would be using sudo, with sudo you get each and every commands logged into /var/log/secure file, so it's easy to track user activities.  

You could also check http://people.redhat.com/sgrubb/audit/

Read (Sample for Redhat)
How can I log all the commands that are run by root? - http://kbase.redhat.com/faq/docs/DOC-9131
How can I use audit to see who changed a file in Red Hat Enterprise Linux? - http://kbase.redhat.com/faq/docs/DOC-10108
How do I configure audit to log all files opened on a system in Red Hat Enterprise Linux? - http://kbase.redhat.com/faq/docs/DOC-7428
http://tldp.org/HOWTO/Process-Accounting/
http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html
http://www.linuxjournal.com/article/6144
http://www.sudo.ws/sudo/sudoers.man.html
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now