[CentOS] Software for monitoring user activities

Tue Dec 19 22:15:55 UTC 2006
Cameron Showalter <cameron at gwschool.com>

ankush grover wrote:
> hey friends,
> We are running 2 Centos servers 4.0 and 4.4 in our office for various
> activies like Mailing, Web Services, Database, CVS, FTP,Samba, Squid
> etc. We have about 100+ users on those servers , many users don't have
> shell on these servers (/sbin/nologin set as default shell)  and some
> has shell (/bin/bash). We want to monitor the user activities of those
> users who have shell  means what they all do on the server. One of the
> servers contains important data in the database and we don't want
> authorized users as they have access to this data and can  copy this
> data to somewhere else like to their local systems.
> We want to track/monitor the activities of the users. Is there any
> free open source software available which can show daily /weekly/
> monthly repots of the users activities.
> Please let me know if you need any further inputs.
> Regards
> Ankush Grover
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
I think you may be looking for something like sudo.


The ability to restrict what commands a user may run on a per-host basis.

Sudo does copious logging of each command, providing a clear audit trail
of who did what. When used in tandem with syslogd, the system log
daemon, /sudo/ can log all commands to a central host (as well as on the
local host). At CU, all admins use /sudo/ in lieu of a root shell to
take advantage of this logging.

Sudo uses timestamp files to implement a "ticketing" system. When a user
invokes /sudo/ and enters their password, they are granted a ticket for
5 minutes (this timeout is configurable at compile-time). Each
subsequent /sudo/ command updates the ticket for another 5 minutes. This
avoids the problem of leaving a root shell where others can physically
get to your keyboard. There is also an easy way for a user to remove
their ticket file, useful for placing in a .logout file.

may even be installed on you system already.   

rpm -qa | grep sudo


yum search sudo