Hey friends,
We are running 2 CentOS servers, 4.0 and 4.4, in our office for various activities like Mailing, Web Services, Database, CVS, FTP, Samba, Squid etc. We have about 100+ users on those servers; many users don't have a shell on these servers (/sbin/nologin set as default shell) and some have a shell (/bin/bash). We want to monitor the user activities of those users who have a shell, meaning what they do on the server. One of the servers contains important data in the database and we don't want authorized users as they have access to this data and can copy this data to somewhere else like to their local systems.
We want to track/monitor the activities of the users. Is there any free open source software available which can show daily/weekly/monthly reports of the users' activities?
Please let me know if you need any further inputs.
Regards
Ankush Grover
ankush grover wrote:
> Hey friends,
> We are running 2 CentOS servers, 4.0 and 4.4, in our office for various activities like Mailing, Web Services, Database, CVS, FTP, Samba, Squid etc. We have about 100+ users on those servers; many users don't have a shell on these servers (/sbin/nologin set as default shell) and some have a shell (/bin/bash). We want to monitor the user activities of those users who have a shell, meaning what they do on the server. One of the servers contains important data in the database and we don't want authorized users as they have access to this data and can copy this data to somewhere else like to their local systems.
> We want to track/monitor the activities of the users. Is there any free open source software available which can show daily/weekly/monthly reports of the users' activities?
> Please let me know if you need any further inputs.
> Regards
> Ankush Grover
I think you may be looking for something like sudo.
from: http://www.gratisoft.us/sudo/intro.html
The ability to restrict what commands a user may run on a per-host basis.
Sudo does copious logging of each command, providing a clear audit trail of who did what. When used in tandem with syslogd, the system log daemon, sudo can log all commands to a central host (as well as on the local host). At CU, all admins use sudo in lieu of a root shell to take advantage of this logging.
Sudo uses timestamp files to implement a "ticketing" system. When a user invokes sudo and enters their password, they are granted a ticket for 5 minutes (this timeout is configurable at compile-time). Each subsequent sudo command updates the ticket for another 5 minutes. This avoids the problem of leaving a root shell where others can physically get to your keyboard. There is also an easy way for a user to remove their ticket file, useful for placing in a .logout file.
It may even be installed on your system already.
rpm -qa | grep sudo
or
yum search sudo
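
As an added example that is not part of the original thread: because sudo writes one syslog line per command, a short Python script can turn that log into the per-user daily summary the question asks for, including denied attempts. It assumes sudo's traditional syslog line format (on CentOS normally found in /var/log/secure); the log lines, host name and user names below are constructed samples, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample lines in sudo's traditional syslog format (not real logs).
SAMPLE_LOG = """\
Mar  3 10:15:02 db1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/mysqldump crm
Mar  3 10:17:40 db1 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow
Mar  3 11:02:11 db1 sshd[2211]: Accepted password for carol from 192.0.2.10 port 40022 ssh2
Mar  4 09:01:55 db1 sudo:    alice : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/su -
Mar  4 09:30:00 db1 sudo:    carol : TTY=pts/2 ; PWD=/var/lib/mysql ; USER=mysql ; COMMAND=/bin/tar czf /tmp/db.tgz .
"""

LINE_RE = re.compile(
    r"^(?P<day>\w{3}\s+\d+) \d\d:\d\d:\d\d \S+ sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<rest>.*)$"
)

def parse_sudo_line(line):
    """Return a dict for one sudo command line, or None for any other log line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # COMMAND= is always last; split it off first so a ';' inside it is kept.
    head, _, command = m.group("rest").partition("COMMAND=")
    parts = [p for p in head.split(" ; ") if p]
    fields = dict(p.split("=", 1) for p in parts if "=" in p)
    # A part without '=' is sudo's refusal reason, e.g. "user NOT in sudoers".
    reason = next((p for p in parts if "=" not in p), None)
    return {"day": " ".join(m.group("day").split()), "user": m.group("user"),
            "runas": fields.get("USER"), "command": command, "denied": reason}

def daily_report(log_text):
    """Map (day, user) -> {"allowed": [...], "denied": [(reason, command), ...]}."""
    report = defaultdict(lambda: {"allowed": [], "denied": []})
    for line in log_text.splitlines():
        ev = parse_sudo_line(line)
        if ev is None:
            continue  # sshd, cron, PAM session lines and so on
        entry = report[(ev["day"], ev["user"])]
        if ev["denied"]:
            entry["denied"].append((ev["denied"], ev["command"]))
        else:
            entry["allowed"].append(f'{ev["runas"]}: {ev["command"]}')
    return dict(report)

if __name__ == "__main__":
    for (day, user), entry in sorted(daily_report(SAMPLE_LOG).items()):
        print(day, user, entry)
```

Only commands run through sudo appear in this log; what a user does in an ordinary shell session is not recorded by it. Syslog timestamps carry no year, so weekly or monthly roll-ups should be built per rotated log file.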