Solved

Linux user permissions

Posted on 2013-11-27
Last Modified: 2013-12-31
Is it possible to track this scenario?

I have a user account user1 which has direct root login disabled.

user2 and user3 are able to switch as user1 after ssh to the server.

Suppose user2 and user3 switched to user1 simultaneously and user2 removes a file from the server.

How can I track this event and determine which user removed the file? Will Linux auditing be able to track this?

Are there any scp tools available so that I can log in as user2 or 3 and switch to user1?
Question by:vipinvgopal
4 Comments
 
LVL 12

Assisted Solution

by:Chris Staunton
Chris Staunton earned 250 total points
ID: 39680417
You could turn on shell logging and just monitor the logs that way. If the user is using bash, for instance, you could modify the .bashrc with something like:

[[ ! -d "$HOME/.hist" ]] && mkdir -p "$HOME/.hist"
export HISTSIZE=2000
export HISTFILE="$HOME/.hist/$(date +%Y%m%d.%H%M).$(who -m | awk '{print $1 "." $2}' | sed 's/\///g').$$"

Then you can review the dated files in the .hist folder.

If you are looking for a more robust solution that you could use for SOX auditing, for example, check out Centrify for corporate environments. Their auditing features are pretty impressive.
0
 
LVL 3

Accepted Solution

by:
Detlef001 earned 250 total points
ID: 39680424
0
 
LVL 25

Expert Comment

by:madunix
ID: 39682730
You may give the pam_tty_audit module a try if you want to keep track of all commands they use. Please refer to man pam_tty_audit for more details. You can enable this module only for a particular user, then track the commands executed by that user. The logs go to /var/log/audit/audit.log. It might not be a good option if you want to monitor the account frequently (since all are executed using the same account, you have to find the "su" entry first and track the commands executed from that terminal). Also, this expects all users to use "su - <username>"; if they log in directly there is no way to track.

Another method would be using sudo. With sudo you get each and every command logged into the /var/log/secure file, so it's easy to track user activities. Make sure the users won't be able to do "# sudo su - <user>" or "# sudo -i". (Also, they should not be logging in to the shared account directly, i.e. the shared account password should not be distributed, or restrict direct login using PAM configurations.)
0
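As an added example (not part of any post in this thread): audit SYSCALL records carry auid, the login uid set when the SSH session starts and kept across su, next to the uid the command actually ran as. The sketch below groups audit.log records by event id and reports which login user deleted which path; the log lines, uids, paths and the user1-files key are constructed, and it assumes an audit watch on user1's home directory is already in place.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log format (not from a real host).
# Assumed uids: user1=1001 (the shared account), user2=1002, user3=1003.
USERS = {"1001": "user1", "1002": "user2", "1003": "user3"}
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1385550000.123:4521): arch=c000003e syscall=263 success=yes exit=0 items=2 pid=2345 auid=1002 uid=1001 euid=1001 tty=pts1 ses=12 comm="rm" exe="/bin/rm" key="user1-files"
type=PATH msg=audit(1385550000.123:4521): item=0 name="/home/user1/" inode=131 nametype=PARENT
type=PATH msg=audit(1385550000.123:4521): item=1 name="/home/user1/report.txt" inode=977 nametype=DELETE
type=SYSCALL msg=audit(1385550042.456:4530): arch=c000003e syscall=257 success=yes exit=3 items=1 pid=2466 auid=1003 uid=1001 euid=1001 tty=pts2 ses=13 comm="cat" exe="/bin/cat" key="user1-files"
type=PATH msg=audit(1385550042.456:4530): item=0 name="/home/user1/notes.txt" inode=978 nametype=NORMAL
type=SYSCALL msg=audit(1385550090.789:4535): arch=c000003e syscall=263 success=no exit=-13 items=2 pid=2470 auid=1003 uid=1001 euid=1001 tty=pts2 ses=13 comm="rm" exe="/bin/rm" key="user1-files"
type=PATH msg=audit(1385550090.789:4535): item=1 name="/home/user1/locked.txt" inode=979 nametype=DELETE
'''

EVENT_RE = re.compile(r'^type=(\w+) msg=audit\((\d+)\.\d+:(\d+)\): (.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def deletions(log_text, names):
    """Return (epoch, login user, acting user, tty, path) per successful delete."""
    events = defaultdict(lambda: {"syscall": None, "deleted": []})
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        rtype, epoch, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(body)}
        ev = events[(int(epoch), int(serial))]  # records sharing an id are one event
        if rtype == "SYSCALL":
            ev["syscall"] = fields
        elif rtype == "PATH" and fields.get("nametype") == "DELETE":
            ev["deleted"].append(fields["name"])
    out = []
    for (epoch, _), ev in sorted(events.items()):
        sc = ev["syscall"]
        if not sc or sc.get("success") != "yes":
            continue  # skip failed attempts and PATH records without a SYSCALL
        for path in ev["deleted"]:
            out.append((epoch, names.get(sc["auid"], sc["auid"]),
                        names.get(sc["uid"], sc["uid"]), sc["tty"], path))
    return out

if __name__ == "__main__":
    for row in deletions(SAMPLE_LOG, USERS):
        print(row)
```

In the sample, both sessions run as uid 1001, but only the auid field separates user2's deletion from user3's activity.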
 
LVL 15

Expert Comment

by:Insoftservice
ID: 39686740
Just an add-on to the above comments.
Does the file belong to the server, or is it from one of your specific folders?
If it's in a specific folder or path you can use cvs.
You are expecting to keep monitoring your files, which can easily be done by a subversion tool like tortoise or svn.
0
