08-23-2017
Quote:
Originally Posted by
mohtashims
I would appreciate if anyone could share the correct proposed auditing system so i could learn and implement it. I should know who logged in when, be able to prompt & enforce a user login to enter an explanation of why he login, what all commands they fired i.e history for that session etc.
Anyways, because i thought the nature of my request is custom, i would rather go implementing it myself.
The problem, mainly, is that you're logging things as the same user you want to monitor. This means, by definition:
- Everything you log, they can delete.
- Everything you do, they can undo.
- Everything you run, they can kill.
- Everything you make, they can destroy.
This leaves it wide-open to both intentional and accidental abuse. There is no amount of shell script alone you can write to avoid this.
To prevent users from deleting the stuff being logged about them, it has to be logged somewhere they can't control. Meaning, the logging code has to run as some other user.
8 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Is there a way to specify 774 permissions for a file uploaded to an app server via ftp without the users logging in and doing a chmod on the file they just put? I understand they were doing this with an old shared account, and it was working. When they started using their own accounts it stopped... (1 Reply)
Discussion started by: jgentile
1 Replies
2. Shell Programming and Scripting
Hi all,
Can you please help me in this aspect. I devoloped a FTP script to copy a directory to remote server. Now i got stuck-up in changing the file permissions for all the files in directory. I tried to change the permissions of single file and I did it but failed in changing... (3 Replies)
Discussion started by: Chanakya.m
3 Replies
3. Solaris
HI,
1.I want to add multiple users at a same time. How to achive this , since useradd will add only one user at a time,.
2.Also let me know how to install a software in a group of machines where the machines are not configured as zones (1 Reply)
Discussion started by: rogerben
1 Replies
4. UNIX and Linux Applications
i think it is the same in both... Iam i right? (1 Reply)
Discussion started by: sumaiya
1 Replies
5. Red Hat
I need to have more than one user logged into my PC's VMWare Linux virtual simultaneously, each seeing a graphical display, to test my software's ability to affect their displays one by one. I have never done anything like this before. My Linux virtuals have been for my development only, that is... (3 Replies)
Discussion started by: BrandonShw
3 Replies
6. UNIX for Dummies Questions & Answers
Happy Thanksgiving Everyone!! I have a question about adding users to multiple groups. Thanks in advance
Using Red Hat and here are the issues:
Example:
Users:
Bob
Mark
Groups:
SystemsAnalysts
BusinessAnalysts
If I am adding a user Bob to both groups (SystemsAnalysts and... (2 Replies)
Discussion started by: hansokl
2 Replies
7. Shell Programming and Scripting
hi,
i am new to shell scripts
i write a shell script to create multiple users but i need to give passwords to that users while creating users, command to write this script (1 Reply)
Discussion started by: DONFOX
1 Replies
8. UNIX for Advanced & Expert Users
Hello All,
I have to restart 100's of scripts for at least 20+ users once the server restarts for any reason. I wanted to come up with a single script to trigger of all scripts/programs under all users with just one script (without root privilege).
Is it possible to do so? :confused: If not,... (6 Replies)
Discussion started by: PikK45
6 Replies
LEARN ABOUT FREEBSD
login
LOGIN(1) BSD General Commands Manual LOGIN(1)
NAME
login -- log into the computer
SYNOPSIS
login [-fp] [-h hostname] [user]
DESCRIPTION
The login utility logs users (and pseudo-users) into the computer system.
If no user is specified, or if a user is specified and authentication of the user fails, login prompts for a user name. Authentication of
users is configurable via pam(8). Password authentication is the default.
The following options are available:
-f When a user name is specified, this option indicates that proper authentication has already been done and that no password need be
requested. This option may only be used by the super-user or when an already logged in user is logging in as themselves.
-h Specify the host from which the connection was received. It is used by various daemons such as telnetd(8). This option may only be
used by the super-user.
-p By default, login discards any previous environment. The -p option disables this behavior.
Login access can be controlled via login.access(5) or the login class in login.conf(5), which provides allow and deny records based on time,
tty and remote host name.
If the file /etc/fbtab exists, login changes the protection and ownership of certain devices specified in this file.
Immediately after logging a user in, login displays the system copyright notice, the date and time the user last logged in, the message of
the day as well as other information. If the file .hushlogin exists in the user's home directory, all of these messages are suppressed.
This is to simplify logins for non-human users, such as uucp(1).
The login utility enters information into the environment (see environ(7)) specifying the user's home directory (HOME), command interpreter
(SHELL), search path (PATH), terminal type (TERM) and user name (both LOGNAME and USER). Other environment variables may be set due to
entries in the login class capabilities database, for the login class assigned in the user's system passwd record. The login class also con-
trols the maximum and current process resource limits granted to a login, process priorities and many other aspects of a user's login envi-
ronment.
Some shells may provide a builtin login command which is similar or identical to this utility. Consult the builtin(1) manual page.
The login utility will submit an audit record when login succeeds or fails. Failure to determine the current auditing state will result in
an error exit from login.
FILES
/etc/fbtab changes device protections
/etc/login.conf login class capabilities database
/etc/motd message-of-the-day
/var/mail/user system mailboxes
.hushlogin makes login quieter
/etc/pam.d/login pam(8) configuration file
/etc/security/audit_user user flags for auditing
/etc/security/audit_control global flags for auditing
SEE ALSO
builtin(1), chpass(1), csh(1), newgrp(1), passwd(1), rlogin(1), getpass(3), fbtab(5), login.access(5), login.conf(5), environ(7)
HISTORY
A login utility appeared in Version 6 AT&T UNIX.
BSD
September 13, 2006 BSD