07-16-2008, 08:26 AM
Richard Marzan

user command auditing

Is there a tool or a way of keeping track of which commands users are
executing on a system? I understand that history files can be wiped out
and they don't really contain the time at which a command and its
arguments were run so I refrain from relying on it.


Regards,
Richard

--
gentoo-user@lists.gentoo.org mailing list
 
07-16-2008, 03:22 PM
"A. Khattri"

user command auditing

On Wed, 16 Jul 2008, Richard Marzan wrote:


> Is there a tool or a way of keeping track of which commands users are
> executing on a system? I understand that history files can be wiped out
> and they don't really contain the time at which a command and its
> arguments were run so I refrain from relying on it.


On traditional UNIX systems, system accounting logs (usually called
acct) can be read via the lastcomm command. I'm guessing that the
sys-process/acct ebuild will give you those commands.

NOTE: You will also need kernel support for process/login accounting -
look for "process accounting" in your kernel config and make sure it is
switched on. (Naturally, you will need to rebuild your kernel / modules if
it isn't switched on and reboot to activate it).

UPDATE: I just checked one of my kernels and the config option is called
"BSD-style process accounting" - it lives in General Setup when configuring
a kernel.



--
A
--
gentoo-user@lists.gentoo.org mailing list
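
The accounting log that lastcomm reads is a sequence of fixed-size binary records, each holding the command name, uid, pid and start time but not the command's arguments; the parser below is an added example, not code from the thread or from the acct package. It assumes the 64-byte `acct_v3` layout from `<linux/acct.h>` written on a little-endian host, and its sample records are constructed.

```python
import struct
from datetime import datetime, timezone

# struct acct_v3 from <linux/acct.h>: fixed 64-byte records, little-endian host.
ACCT_V3 = struct.Struct("<BBHIIIIIIf8H16s")
# ac_flag bits: fork without exec, used superuser privileges, core dumped, killed by signal
FLAGS = ((0x01, "F"), (0x02, "S"), (0x08, "D"), (0x10, "X"))

def comp_t(v):
    """Decode the kernel's comp_t: 13-bit mantissa, 3-bit base-8 exponent."""
    return (v & 0x1FFF) << (3 * (v >> 13))

def parse_pacct(data):
    """Return one dict per complete acct_v3 record; a truncated tail is ignored."""
    records = []
    for off in range(0, len(data) - ACCT_V3.size + 1, ACCT_V3.size):
        f = ACCT_V3.unpack_from(data, off)
        if f[1] != 3:  # ac_version; 0x83 would mean a big-endian writer
            raise ValueError(f"offset {off}: ac_version {f[1]:#x}, expected 3")
        records.append({
            # ac_comm is the command name only (at most 15 chars), never argv
            "comm": f[18].split(b"\0", 1)[0].decode("ascii", "replace"),
            "flags": "".join(c for bit, c in FLAGS if f[0] & bit),
            "uid": f[4],
            "pid": f[6],
            "ppid": f[7],
            "exitcode": f[3],
            "start": datetime.fromtimestamp(f[8], timezone.utc),  # ac_btime
            "elapsed_ticks": f[9],                         # ac_etime, AHZ clock ticks
            "cpu_ticks": comp_t(f[10]) + comp_t(f[11]),    # ac_utime + ac_stime
        })
    return records

def sample_log():
    """Constructed sample: two records plus a 10-byte partial write at the end."""
    def rec(flag, uid, pid, ppid, btime, etime, utime, stime, comm):
        return ACCT_V3.pack(flag, 3, 0, 0, uid, uid, pid, ppid, btime, etime,
                            utime, stime, 0, 0, 0, 0, 0, 0, comm)
    return (rec(0x00, 1000, 4242, 4200, 1216166400, 250.0, 0x0005, 0x0001, b"rm")
            + rec(0x12, 0, 4250, 1, 1216166490, 12.0, 0x2005, 0x0000, b"tar")
            + b"\x00" * 10)

if __name__ == "__main__":
    # For a real log, pass the accounting file's bytes: open(path, "rb").read()
    for r in parse_pacct(sample_log()):
        print(f"{r['start']:%Y-%m-%d %H:%M:%S} uid={r['uid']:<5} pid={r['pid']:<6}"
              f" {r['flags']:<3} {r['comm']}")
```

Records are written when a process exits, so a long-running process does not appear in the log until it terminates.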
 
07-16-2008, 07:11 PM
"Andrew Tchernoivanov"

user command auditing

> Is there a tool or a way of keeping track of which commands users are
> executing on a system?

There is a .bash_history file in users' home folders. It contains all commands executed by this user.

On Wed, Jul 16, 2008 at 7:22 PM, A. Khattri <ajai@bway.net> wrote:

> On Wed, 16 Jul 2008, Richard Marzan wrote:
>
>> I understand that history files can be wiped out
>> and they don't really contain the time at which a command and its
>> arguments were run so I refrain from relying on it.
>
> On traditional UNIX systems, system accounting logs (usually called acct) can be read via the lastcomm command. I'm guessing that the sys-process/acct ebuild will give you those commands.
>
> NOTE: You will also need kernel support for process/login accounting - look for "process accounting" in your kernel config and make sure it is switched on. (Naturally, you will need to rebuild your kernel / modules if it isn't switched on and reboot to activate it).
>
> UPDATE: I just checked one of my kernels and the config option is called "BSD-style process accounting" - it lives in General Setup when configuring a kernel.
>
> --
> A

--
gentoo-user@lists.gentoo.org mailing list
 
07-16-2008, 11:37 PM
Dale

user command auditing

Andrew Tchernoivanov wrote:

>> Is there a tool or a way of keeping track of which commands users are
>> executing on a system?
>
> There is a .bash_history file in users' home folders. It contains all
> commands executed by this user.

But as the OP said, it can be edited or deleted so he can not rely on it.

Dale

:-) :-)
--

gentoo-user@lists.gentoo.org mailing list
 
