Solved

Red Hat LInux

Posted on 2012-12-31
3
538 Views
Last Modified: 2013-01-20
How can I enable a log to see what people change on the server, including files, installations and configuration.  Or is there an open source software for this?
0
Comment
Question by:Jack_son_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 167 total points
ID: 38732922
Set up and activate the auditing subsystem which is part of Linux.

Here is how to do it:

https://www.suse.com/documentation/sled10/pdfdoc/auditqs_sp2/auditqs_sp2.pdf

Although the document above states to be meant for SuSE the instructions given there will work for almost any Linux.
0
 
LVL 78

Assisted Solution

by:arnold
arnold earned 166 total points
ID: 38733256
Sudo maintains a log of what is being done.  Using cvs/subversion to maintain config revisions or better still use puppet to manage server configuration from a central setup.
You need to define the scale and scope of what you are trying do.
Using syslog/rsyslog to centralize logs in one location would provide you with information after the fact.
0
 
LVL 25

Accepted Solution

by:
madunix earned 167 total points
ID: 38738984
The audit logging should be configured in your system. You may give a try with pam_tty_audit module if you want to keep a track of all commands they use. You can enable this module only for a particular user, then track the commands executed by that user.  

Another method would be using sudo, with sudo you get each and every commands logged into /var/log/secure file, so it's easy to track user activities.  

You could also check http://people.redhat.com/sgrubb/audit/

Read (Sample for Redhat)
How can I log all the commands that are run by root? - http://kbase.redhat.com/faq/docs/DOC-9131
How can I use audit to see who changed a file in Red Hat Enterprise Linux? - http://kbase.redhat.com/faq/docs/DOC-10108
How do I configure audit to log all files opened on a system in Red Hat Enterprise Linux? - http://kbase.redhat.com/faq/docs/DOC-7428
http://tldp.org/HOWTO/Process-Accounting/
http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html
http://www.linuxjournal.com/article/6144
http://www.sudo.ws/sudo/sudoers.man.html
0

Featured Post

Containers and Docker for Everyone

Containers are an incredibly powerful technology that can provide you and/or your engineering team with huge productivity gains. Using containers, you can deploy, back up, replicate, and move apps and their dependencies quickly and easily.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question