Red Hat LInux

How can I enable a log to see what people change on the server, including files, installations and configuration.  Or is there an open source software for this?
Jack_son_Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Fadi SODAH (aka madunix)Connect With a Mentor Chief Information Security Officer, CISA, CISSP, CFR, ICATE, MCSE, CCNA, CCNP, CCIP, SCSC and SCECommented:
The audit logging should be configured in your system. You may give a try with pam_tty_audit module if you want to keep a track of all commands they use. You can enable this module only for a particular user, then track the commands executed by that user.  

Another method would be using sudo, with sudo you get each and every commands logged into /var/log/secure file, so it's easy to track user activities.  

You could also check http://people.redhat.com/sgrubb/audit/

Read (Sample for Redhat)
How can I log all the commands that are run by root? - http://kbase.redhat.com/faq/docs/DOC-9131
How can I use audit to see who changed a file in Red Hat Enterprise Linux? - http://kbase.redhat.com/faq/docs/DOC-10108
How do I configure audit to log all files opened on a system in Red Hat Enterprise Linux? - http://kbase.redhat.com/faq/docs/DOC-7428
http://tldp.org/HOWTO/Process-Accounting/
http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html
http://www.linuxjournal.com/article/6144
http://www.sudo.ws/sudo/sudoers.man.html
0
 
woolmilkporcConnect With a Mentor Commented:
Set up and activate the auditing subsystem which is part of Linux.

Here is how to do it:

https://www.suse.com/documentation/sled10/pdfdoc/auditqs_sp2/auditqs_sp2.pdf

Although the document above states to be meant for SuSE the instructions given there will work for almost any Linux.
0
 
arnoldConnect With a Mentor Commented:
Sudo maintains a log of what is being done.  Using cvs/subversion to maintain config revisions or better still use puppet to manage server configuration from a central setup.
You need to define the scale and scope of what you are trying do.
Using syslog/rsyslog to centralize logs in one location would provide you with information after the fact.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.