User account logging


 
Thread Tools Search this Thread
# 1  
User account logging

Hi - I want to log commands typed by oraapps user with time into some log file on runtime.

HISTTIMEFORMAT="%d/%m/%y %T " works but any one with oraapps user can delete the history.

OS : RHEl 5.6

Any help is appreciated.
# 2  
Being able to write the file implies being able to clear it...

Remove write-permissions from the directory and they won't be able to delete the file.
# 3  
we have multiple users having access to orapps. anyone can change permissions on the history file delete some lines and revert permissions back as it was.

---------- Post updated at 04:13 PM ---------- Previous update was at 04:02 PM ----------

I think script in bash_profile might work. Is there anyway to get date with time on unix command line for every command you enter before and after. like set time on in oracle sql

16:12:28 SQL> select name from v$database;

NAME
---------
TEST

16:12:59 SQL>

---------- Post updated at 04:15 PM ---------- Previous update was at 04:13 PM ----------

Quote:
Originally Posted by oraclermanpt
we have multiple users having access to orapps. anyone can change permissions on the history file delete some lines and revert permissions back as it was.

---------- Post updated at 04:13 PM ---------- Previous update was at 04:02 PM ----------

I think script in bash_profile might work. Is there anyway to get date with time on unix command line for every command you enter before and after. like set time on in oracle sql

16:12:28 SQL> select name from v$database;

NAME
---------
TEST

16:12:59 SQL>
# 4  
Don't bump posts. We are not "on call". If you don't get an answer immediately, wait!

Quote:
Originally Posted by oraclermanpt
we have multiple users having access to orapps. anyone can change permissions
You can grant them read and write access even if they're not the owner. Not being the owner would prevent them from chmod-ing it.

Of course, if they have write access, they never needed chmod, because they can write to it. If they have access to a file and have shell access, they have access to a file and have shell access. This is why giving 9 people the same shell account is a bad idea...

Quote:
I think script in bash_profile might work.
Nothing would stop them from killing script and falsifying its results. If they have access to their files and processes, they have access to their files and processes. This is why giving 9 people the same shell account is a bad idea...

Do they truly need shell access to this account? Might they just need the ability to do a few very specific things as this user? You could limit them with sudo. Only allow a few specific users to run your very own wrapper script under this user, a wrapper script which records and formats their input in whatever way you like. This would let you control which users get to run it, too, without having to give them all the same password. You'd be able to track which users were running it when, too. You may even be able to do it seamlessly with an alias.

Last edited by Corona688; 02-15-2012 at 05:40 PM..
# 5  
Hi Corona - I appreciate your help at this time. My intention was never to bump the posts and get answer immediately. Not sure how this forum update of posts works. Probably I need to visit "You Must Read this Before Posting" again.

Thanks,
# 6  
Sorry for jumping on a mistake then. We do get an awful lot of bumps anyway.

I continue to think you'll need to restrict shell access and only allow them to run specific functions under that account with sudo in order to get the level of monitoring and control you want. The system you have right now just isn't safe. Anyone could run passwd and lock out everyone else...
 

Previous Thread | Next Thread
Thread Tools Search this Thread
Search this Thread:
Advanced Search

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Logging in to 100 server to test my account

I have been logging to 100 server everyday to test if I can login to the server. I created a script to ssh-copy-id to every host so next time it will be password less. Now it keeps prompting me Are you sure you want to continue connecting (yes/no)? yes This is normal for first time login.... (2 Replies)
Discussion started by: invinzin21
2 Replies

2. Shell Programming and Scripting

User Logging

Hi, I have several engineers logging into servers with the same system username and passwords eg root. I was thinking about adding a script to bashrc where a user is forced upon login to enter their name and once that has executed there history is logged/redirected to a log file somewhere. I... (10 Replies)
Discussion started by: maxwellhouse
10 Replies

3. UNIX for Advanced & Expert Users

Logging User Sessions

Hello, I am using a Linux server (Ubuntu 11.04 Server) to host some files and a code repository. Because we are using ssh + svn to connect to the repository, our users have normal ssh access. What I would like to do is log their user sessions so that I have an audit trail in the event that... (2 Replies)
Discussion started by: chrisb1609
2 Replies

4. Shell Programming and Scripting

Logging in unix account taking password from a parameter file

Hi All, I am writing a script where it updates a file in an unix account. To update that file i need to be logged in as that account user. say account name is ab01 and its password is passab01. What i want to do is, my script should read login id and password from a parameter file and... (4 Replies)
Discussion started by: pkbond
4 Replies

5. UNIX for Dummies Questions & Answers

How to avoid logging with root user?

I have created a linux machine and installed some softwares on it with root user privileges . I used to login with root user credentials for doing the various task. Later i have realise that this is not the best practice to follow and there should be a new user with less privileges to be created... (1 Reply)
Discussion started by: pinga123
1 Replies

6. AIX

Logging user logins

I want to know how I can turn off and turn on login logging. We have a server that appears to have stopped logging user logins. Running the who command shows nothing and the last command shows no logins for a month. The var/adm/wtmp file isn't full and there is plenty of space in the var file... (2 Replies)
Discussion started by: daveisme
2 Replies

7. UNIX for Dummies Questions & Answers

Difference between : Locked User Account & Disabled User Accounts in Linux ?

Thanks AVKlinux (3 Replies)
Discussion started by: avklinux
3 Replies

8. HP-UX

Issue with user logging in to HP UX Server

Hi, I wonder if anyone is able to assist me. I have a HP UX server and some HP UX workstations that has been migrated from another network. I have changed the IP Addresses and everything seems to be working fine. However, the users are complaining that they are unable to login to the UX... (1 Reply)
Discussion started by: michaelgim
1 Replies

9. Solaris

Tracing a user and logging his actions

Dear All, I want to enable the tracing for a user and logging all things he do in a log file.......... Thaaanks (2 Replies)
Discussion started by: adel8483
2 Replies

10. UNIX for Advanced & Expert Users

User logging log

Hi, Does anybody knows is there a way or how to records user logging record? thanks in advance (4 Replies)
Discussion started by: jennifer
4 Replies

Featured Tech Videos