Hi mark,
Great! I think those you mentioned is exactly what I want. Normally, I want to trace which guy got wrong things in server.
I tried the link that Harold provided find it's a good idea to protect log files, however, I want to know is which guy type which command.
the /var/log/secure is what I want, thank you so much.
I can not limit the sudo commands , like cp command.
For instance, a small team 4 developers, we deploy some code file to this server, however, someone let say new guy overwrite wrong file. I need to trace on it and inform him carefully.
thanks.
On 08/09/2012 01:42 AM, m.roth@5-cent.us wrote:
Heng Su wrote:
hello,
I want to protect the history file from deleted for all users exceptuser 'root' can do it, is that possible? For my server, many users can log in with root from remote through ssh, so I can not trace which guy do wrong things. So I decide to create new account for every users and let them use 'sudo' then I can trace which guy typed which command and what he did. However, even if I create new account for every user, they also can delete the history of them self easily.
How should I do. I believe everyone encountered such thingsnormally. I think there is a gracefully solution for it as I am not experience on server manage. So any suggestions for how to trace user like to write down which user did as an audit trail and let it can not deletable exclude root user?
So, you've got someone inside, who's doing nasty, or stupid, things?
The most obnoxious, stupid idea I've had to deal with was a few years ago, when the company I was subcontracting for put something in the .profile to log every. single. command. a developer issued....
However, since you've set up sudo for them, their commands should *also* be in /var/log/secure. Of course, what you need is a script to grab that, and attach to it which user had sudo'd.
Hmmm, as I type that, I just got to thinking: do they need all root privileges, or do specific users only need certain commands? If so, it's easy enough to limit what commands they're allowed to run under sudo - man sudoers.
mark
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos