[CentOS] How protect bash history file, do audit alike in server
Rajagopal Swaminathan
raju.rajsand at gmail.comWed Aug 8 17:32:03 UTC 2012
- Previous message: [CentOS] How protect bash history file, do audit alike in server
- Next message: [CentOS] How protect bash history file, do audit alike in server
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Greetings, On Wed, Aug 8, 2012 at 10:26 PM, Heng Su <ste.suheng at gmail.com> wrote: > hello, > For my server, many users can log in with root from remote through > ssh, so I can not trace which guy do wrong things. So I decide to create > new account for every users and let them use 'sudo' then I can trace > which guy typed which command and what he did. However, even if I create > new account for every user, they also can delete the history of them > self easily. > > How should I do. I believe everyone encountered such things > normally. I think there is a gracefully solution for it as I am not > experience on server manage. So any suggestions for how to trace user > like to write down which user did as an audit trail and let it can not > deletable exclude root user? Perhaps you can look at inotify, put the .bash_history on its watchlist and then rsync the changes to a remote host. Haven't tried it though. HTH -- Regards, Rajagopal
- Previous message: [CentOS] How protect bash history file, do audit alike in server
- Next message: [CentOS] How protect bash history file, do audit alike in server
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list