Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Keeping an eye on all user activities
Top Forums UNIX for Advanced & Expert Users Keeping an eye on all user activities Post 36046 by potato-head on Monday 19th of May 2003 06:07:54 PM
Old 05-19-2003
History is a great way to take a look at what people are doing. Should they require root access, use sudo, and enable verbose logging. To show what files are open, try losf. And from the ole' command line, w works like a champ.
 

7 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Tracking activities of Users using a particular login.

Hi!! Experts, I have a typical scenario here in which several users have access to a particular login .. say "build". None of the users know the passwd for this login. The name of some of the user have been to .rhosts file. The users can connect only by doing a rlogin to this id and then... (4 Replies)
Discussion started by: jyotipg
4 Replies

2. Shell Programming and Scripting

patterns from logs and activities

hi, i need help writing shell scripts to define patterns of user activities on our apache. i thought about going through logfiles and other places where user activities are stored and use that data to define patterns of action. i want these patterns to be visualized then. now my... (3 Replies)
Discussion started by: rocketkids
3 Replies

3. Shell Programming and Scripting

Need for loop to do 2 activities

I need my for loop to do 2 things at a time. I have a script where I move the old files into archive directory and then i want to compress them. Presently I am using 2 for loops for it. How can i do it in 1 for loop. Code: after this i am compresing them in another for loop: (3 Replies)
Discussion started by: dsravan
3 Replies

4. Red Hat

RPM Updation & Keeping User Change files during removal

Hi All, I have a RPM for an Java based application. Currently it works fine. But recently I want to implement that when newer packages gets installed over the older one, the rpm should only update the older files with the newer one (I know this could be done by rpm -Uvh xxx.rpm), but it... (0 Replies)
Discussion started by: jw_amp
0 Replies

5. Solaris

SYSLOGS - Where can I find FTP activities

Greetings to all. I need help from the experts. I have been given a FTP server script that runs all day, looking for files that are FTP'd to our machines. Its hoaky I know, but there are times that files are sent but somehow get lost. Is there a logfile I can view to see when files are received? ... (1 Reply)
Discussion started by: Harleyrci
1 Replies

6. SuSE

How do I make activities appear in SYSLOG file?

SUSE Linux 11 and 10 SP3. I am trying to capture some of my activities in SYSLOG file, /var/log/messages. To do this I created and dropped some test files and directories and users. But these activities are not captured in /var/log/messages. What should I do to make these activities... (7 Replies)
Discussion started by: JDBA
7 Replies

7. AIX

EYE function

Hello, could someone tell me if there's a function as on SOLARIS : EYE, to identify the function of server. Thank you, (4 Replies)
Discussion started by: rimob
4 Replies

LEARN ABOUT LINUX

sudo_root

sudo_root(8)						      System Manager's Manual						      sudo_root(8)

NAME

       sudo_root - How to run administrative commands

SYNOPSIS

       sudo command

       sudo -i

INTRODUCTION

       By  default, the password for the user "root" (the system administrator) is locked. This means you cannot login as root or use su. Instead,
       the installer will set up sudo to allow the user that is created during install to run all administrative commands.

       This means that in the terminal you can use sudo for commands that require root privileges. All programs in the menu will use  a  graphical
       sudo to prompt for a password. When sudo asks for a password, it needs your password, this means that a root password is not needed.

       To  run	a  command which requires root privileges in a terminal, simply prepend sudo in front of it. To get an interactive root shell, use
       sudo -i.

ALLOWING OTHER USERS TO RUN SUDO

       By default, only the user who installed the system is permitted to run sudo. To add more administrators, i. e. users who can run sudo,  you
       have to add these users to the group 'admin' by doing one of the following steps:

       * In a shell, do

	   sudo adduser username admin

       * Use the graphical "Users & Groups" program in the "System settings" menu to add the new user to the admin group.

BENEFITS OF USING SUDO

       The benefits of leaving root disabled by default include the following:

       * Users do not have to remember an extra password, which they are likely to forget.

       * The installer is able to ask fewer questions.

       * It  avoids  the  "I  can do anything" interactive login by default - you will be prompted for a password before major changes can happen,
	 which should make you think about the consequences of what you are doing.

       * Sudo adds a log entry of the command(s) run (in /var/log/auth.log).

       * Every attacker trying to brute-force their way into your box will know it has an account named root and will try that first. What they do
	 not know is what the usernames of your other users are.

       * Allows  easy transfer for admin rights, in a short term or long term period, by adding and removing users from the admin group, while not
	 compromising the root account.

       * sudo can be set up with a much more fine-grained security policy.

       * On systems with more than one administrator using sudo avoids sharing a password amongst them.

DOWNSIDES OF USING SUDO

       Although for desktops the benefits of using sudo are great, there are possible issues which need to be noted:

       * Redirecting the output of commands run with sudo can be confusing at first. For instance consider

	   sudo ls > /root/somefile

	 will not work since it is the shell that tries to write to that file. You can use

	   ls | sudo tee /root/somefile

	 to get the behaviour you want.

       * In a lot of office environments the ONLY local user on a system is root. All other users  are	imported  using  NSS  techniques  such	as
	 nss-ldap.  To	setup a workstation, or fix it, in the case of a network failure where nss-ldap is broken, root is required. This tends to
	 leave the system unusable. An extra local user, or an enabled root password is needed here.

GOING BACK TO A TRADITIONAL ROOT ACCOUNT

       This is not recommended!

       To enable the root account (i.e. set a password) use:

	   sudo passwd root

       Afterwards, edit the sudo configuration with sudo visudo and comment out the line

	   %admin  ALL=(ALL) ALL

       to disable sudo access to members of the admin group.

SEE ALSO

       sudo(8), https://wiki.ubuntu.com/RootSudo

								 February 8, 2006						      sudo_root(8)
All times are GMT -4. The time now is 02:14 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy