08-23-2017
Quote:
Originally Posted by
mohtashims
I would appreciate if anyone could share the correct proposed auditing system so i could learn and implement it. I should know who logged in when, be able to prompt & enforce a user login to enter an explanation of why he login, what all commands they fired i.e history for that session etc.
Anyways, because i thought the nature of my request is custom, i would rather go implementing it myself.
The problem, mainly, is that you're logging things as the same user you want to monitor. This means, by definition:
- Everything you log, they can delete.
- Everything you do, they can undo.
- Everything you run, they can kill.
- Everything you make, they can destroy.
This leaves it wide-open to both intentional and accidental abuse. There is no amount of shell script alone you can write to avoid this.
To prevent users from deleting the stuff being logged about them, it has to be logged somewhere they can't control. Meaning, the logging code has to run as some other user.
8 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Is there a way to specify 774 permissions for a file uploaded to an app server via ftp without the users logging in and doing a chmod on the file they just put? I understand they were doing this with an old shared account, and it was working. When they started using their own accounts it stopped... (1 Reply)
Discussion started by: jgentile
1 Replies
2. Shell Programming and Scripting
Hi all,
Can you please help me in this aspect. I devoloped a FTP script to copy a directory to remote server. Now i got stuck-up in changing the file permissions for all the files in directory. I tried to change the permissions of single file and I did it but failed in changing... (3 Replies)
Discussion started by: Chanakya.m
3 Replies
3. Solaris
HI,
1.I want to add multiple users at a same time. How to achive this , since useradd will add only one user at a time,.
2.Also let me know how to install a software in a group of machines where the machines are not configured as zones (1 Reply)
Discussion started by: rogerben
1 Replies
4. UNIX and Linux Applications
i think it is the same in both... Iam i right? (1 Reply)
Discussion started by: sumaiya
1 Replies
5. Red Hat
I need to have more than one user logged into my PC's VMWare Linux virtual simultaneously, each seeing a graphical display, to test my software's ability to affect their displays one by one. I have never done anything like this before. My Linux virtuals have been for my development only, that is... (3 Replies)
Discussion started by: BrandonShw
3 Replies
6. UNIX for Dummies Questions & Answers
Happy Thanksgiving Everyone!! I have a question about adding users to multiple groups. Thanks in advance
Using Red Hat and here are the issues:
Example:
Users:
Bob
Mark
Groups:
SystemsAnalysts
BusinessAnalysts
If I am adding a user Bob to both groups (SystemsAnalysts and... (2 Replies)
Discussion started by: hansokl
2 Replies
7. Shell Programming and Scripting
hi,
i am new to shell scripts
i write a shell script to create multiple users but i need to give passwords to that users while creating users, command to write this script (1 Reply)
Discussion started by: DONFOX
1 Replies
8. UNIX for Advanced & Expert Users
Hello All,
I have to restart 100's of scripts for at least 20+ users once the server restarts for any reason. I wanted to come up with a single script to trigger of all scripts/programs under all users with just one script (without root privilege).
Is it possible to do so? :confused: If not,... (6 Replies)
Discussion started by: PikK45
6 Replies
audusr(1M) audusr(1M)
NAME
audusr - select users to audit
SYNOPSIS
user] ...] user] ...]
DESCRIPTION
is used to specify users to be audited or excluded from auditing. The command only works for systems that have been converted to trusted
mode.
To select users to audit on systems that have not been converted to trusted mode, use the command. See also audit(5), userdbset(1M),
userdb(4), and in security(4).
If no arguments are specified, displays the audit setting of every user. is restricted to privileged users.
Options
recognizes the following options:
Audit the specified
user. The auditing system records audit records to the ``current'' audit file when the specified user executes audited
events or system calls. Use to specify events to be audited (see audevent(1M)).
Do not audit the specified
user.
Audit all users.
Do not audit any users.
The and options are mutually exclusive: that is, if is specified, cannot be specified; if is specified, cannot be specified.
Users specified with are audited (or excluded from auditing) beginning with their next login session, until excluded from auditing (or
specified for auditing) with a subsequent invocation. Users already logged into the system when is invoked are unaffected during that
login session; however, any user who logs in after is invoked is audited or excluded from auditing accordingly.
WARNINGS
HP-UX 11i Version 3 is the last release to support trusted systems functionality.
AUTHOR
was developed by HP.
FILES
File containing flags to indicate whether users are audited.
SEE ALSO
audevent(1M), userdbset(1M), setaudproc(2), audswitch(2), audwrite(2), security(4), userdb(4), audit(5).
TO BE OBSOLETED audusr(1M)