Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: User Logging
Top Forums Shell Programming and Scripting User Logging Post 302886863 by rbatte1 on Tuesday 4th of February 2014 04:58:30 AM
Old 02-04-2014
In a Financial Services company, we would be taken to court if we cannot prove who did what where. Basically, that translates that everyone must use a personal normal account. We have groups that can perform security actions and these are highly monitored and anyone requiring root access has a sudo rule for the particular command and logs are generated and monitored by a separate team for auditing.

Huge overhead, but very necessary when the values of money in question are huge and the requirements of Data Protection are high to protect customers. There's no easy way around it, but if you give root access too easily, then someone can remove any restrictions and cover their tracks very easily.

Imagine someone adding a service that they could use as a back-door where the normal protections cease to apply, or setting up at or cron jobs to perform actions that they won't be traced to.


Keep root to (at most) three people in a single team, and then only in an emergency. Have root login restricted to the console only and limit who can access the console.


Like Corona688 says, if you give out root, you've lost all control and therefore the integrity of your server.



Robin
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

User logging log

Hi, Does anybody knows is there a way or how to records user logging record? thanks in advance (4 Replies)
Discussion started by: jennifer
4 Replies

2. Solaris

Tracing a user and logging his actions

Dear All, I want to enable the tracing for a user and logging all things he do in a log file.......... Thaaanks (2 Replies)
Discussion started by: adel8483
2 Replies

3. HP-UX

Issue with user logging in to HP UX Server

Hi, I wonder if anyone is able to assist me. I have a HP UX server and some HP UX workstations that has been migrated from another network. I have changed the IP Addresses and everything seems to be working fine. However, the users are complaining that they are unable to login to the UX... (1 Reply)
Discussion started by: michaelgim
1 Replies

4. UNIX for Dummies Questions & Answers

Possibility of logging into linux machine when the user does not exist locally

Hi, I am trying authenticate ssh users login using third party server (radius) instead of local system authentication. I have modified my /etc/pam.d/sshd with required server auth configuration and able to authenticate user using radius server and the user is able to ssh into this linux... (2 Replies)
Discussion started by: dhandapanik
2 Replies

5. AIX

Logging user logins

I want to know how I can turn off and turn on login logging. We have a server that appears to have stopped logging user logins. Running the who command shows nothing and the last command shows no logins for a month. The var/adm/wtmp file isn't full and there is plenty of space in the var file... (2 Replies)
Discussion started by: daveisme
2 Replies

6. Post Here to Contact Site Administrators and Moderators

Constant Logging In (After Logging Out)

Hi Everyone. First, I want to thank all of you for letting me participate in this great group. I am having a bit of a problem. After I get an email from a responder, I login to make my reply. In the mean time I get another response by email from another member, I go to reply to them and I... (6 Replies)
Discussion started by: Ccccc
6 Replies

7. UNIX for Dummies Questions & Answers

How to avoid logging with root user?

I have created a linux machine and installed some softwares on it with root user privileges . I used to login with root user credentials for doing the various task. Later i have realise that this is not the best practice to follow and there should be a new user with less privileges to be created... (1 Reply)
Discussion started by: pinga123
1 Replies

8. UNIX for Advanced & Expert Users

Logging User Sessions

Hello, I am using a Linux server (Ubuntu 11.04 Server) to host some files and a code repository. Because we are using ssh + svn to connect to the repository, our users have normal ssh access. What I would like to do is log their user sessions so that I have an audit trail in the event that... (2 Replies)
Discussion started by: chrisb1609
2 Replies

9. UNIX for Dummies Questions & Answers

User account logging

Hi - I want to log commands typed by oraapps user with time into some log file on runtime. HISTTIMEFORMAT="%d/%m/%y %T " works but any one with oraapps user can delete the history. OS : RHEl 5.6 Any help is appreciated. (5 Replies)
Discussion started by: oraclermanpt
5 Replies

10. Linux

Syslog not logging successful logging while unlocking server's console

When unlocking a Linux server's console there's no event indicating successful logging Is there a way I can fix this ? I have the following in my rsyslog.conf auth.info /var/log/secure authpriv.info /var/log/secure (1 Reply)
Discussion started by: walterthered
1 Replies

LEARN ABOUT OPENSOLARIS

cron

cron(1M)						  System Administration Commands						  cron(1M)

NAME

       cron - clock daemon

SYNOPSIS

       /usr/sbin/cron

DESCRIPTION

       cron starts a process that executes commands at specified dates and times.

       You   can   specify   regularly	 scheduled  commands  to  cron	according  to  instructions  found  in	crontab  files	in  the  directory
       /var/spool/cron/crontabs. Users can submit their own crontab file using the crontab(1) command. Commands which are to be executed only once
       can be submitted using the at(1) command.

       cron  only examines crontab or at command files during its own process initialization phase and when the crontab or at command is run. This
       reduces the overhead of checking for new or changed files at regularly scheduled intervals.

       As cron never exits, it should be executed only once. This is done routinely by way  of	the  svc:/system/cron:default  service.  The  file
       /etc/cron.d/FIFO file is used as a lock file to prevent the execution of more than one instance of cron.

       cron captures the output of the job's stdout and stderr streams, and, if it is not empty, mails the output to the user. If the job does not
       produce output, no mail is sent to the user. An exception is if the job is an at(1) job and the -m option was specified when  the  job  was
       submitted.

       cron and at jobs are not executed if your account is locked. Jobs and processses execute. The shadow(4) file defines which accounts are not
       locked and will have their jobs and processes executed.

   Setting cron Jobs Across Timezones
       The timezone of the cron daemon sets the system-wide timezone for cron entries. This, in turn, is  by  set  by  default	system-wide  using
       /etc/default/init. The timezone for cron entries can be overridden in a user's crontab file; see crontab(1).

       If  some  form  of  daylight savings or summer/winter time is in effect, then jobs scheduled during the switchover period could be executed
       once, twice, or not at all.

   Setting cron Defaults
       To keep a log of all actions taken by cron, you must specify CRONLOG=YES in the /etc/default/cron file. If you specify CRONLOG=NO, no  log-
       ging is done. Keeping the log is a user configurable option since cron usually creates huge log files.

       You  can  specify the PATH for user cron jobs by using PATH= in /etc/default/cron. You can set the PATH for root cron jobs using SUPATH= in
       /etc/default/cron. Carefully consider the security implications of setting PATH and SUPATH.

       Example /etc/default/cron file:

	 CRONLOG=YES
	 PATH=/usr/bin:/usr/ucb:

       This example enables logging and sets  the  default  PATH  used	by  non-root  jobs  to	/usr/bin:/usr/ucb:.  Root  jobs  continue  to  use
       /usr/sbin:/usr/bin.

       The cron log file is periodically rotated by logadm(1M).

FILES

       /etc/cron.d		Main cron directory

       /etc/cron.d/FIFO 	Lock file

       /etc/default/cron	cron default settings file

       /var/cron/log		cron history information

       /var/spool/cron		Spool area

       /etc/cron.d/queuedefs	Queue description file for at, batch, and cron

       /etc/logadm.conf 	Configuration file for logadm

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       svcs(1), at(1), crontab(1), sh(1), logadm(1M), svcadm(1M), queuedefs(4), shadow(4), attributes(5), rbac(5), smf(5), smf_security(5)

NOTES

       The cron service is managed by the service management facility, smf(5), under the service identifier:

	 svc:/system/cron:default

       Administrative  actions	on  this  service, such as enabling, disabling, or requesting restart, can be performed using svcadm(1M). The ser-
       vice's status can be queried using the svcs(1) command. Most administrative actions may be delegated to	users  with  the  solaris.smf.man-
       age.cron authorization (see rbac(5) and smf_security(5)).

DIAGNOSTICS

       A history of all actions taken by cron is stored in /var/cron/log and possibly in /var/cron/olog.

SunOS 5.11							    4 Feb 2009								  cron(1M)
All times are GMT -4. The time now is 08:06 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy