[CentOS] How protect bash history file, do audit alike in server

Wed Aug 8 19:35:02 UTC 2012
Heng Su <ste.suheng at gmail.com>

Hi Harald,

   Thank you so much for guiding me to the correct path and letting me
know how to move on; I learn more from you.
Indeed I am a developer, not an admin; that's a good question for the
heads of my company, why there is no admin to manage the server in our
company. Anyway, this cannot be controlled by me; I am a developer leader
who just wants to make sure my team members do the correct things on the server.
   I really like Linux, especially CentOS, and I want to learn more from you.
Thank you again.

Best Regards.

On 08/09/2012 03:14 AM, Reindl Harald wrote:
>
> On 08.08.2012 21:07, Heng Su wrote:
>> OK, assuming there is a jboss application server running under user
>> 'jboss' on the PRD server, and we have 4 developers who want to update the jar
>> file on that server.
> look in the manuals for sftp / chroot and bind-mounts
>
>> they always log in using the same user 'jboss' to update files on the server;
>> how can I tell which guy did what to cause the server to go down, as they
>> use the same user account 'jboss'?
> WHY do they use the same account?
>
>> So I don't know what I should do, as I am a shoddy server admin, so I use
>> root to maintain the application server, then create 4 accounts on the server
>> for the individual developers. So if they want to copy, move or do other operations
>> on those deploy folders or files, let them use sudo. Now I got all the
>> commands they ran in /var/log/secure
> a DEVELOPER has not to get sudo or even any shell to update
> any files - never, really never
>
> they have only to update files and if needed get WEB-APPLICATIONS
> with cron-jobs behind to call CAREFULLY DEFINED specific commands
>
> if you give different people sudo/root permissions because
> you are missing the knowledge how to maintain a server
> in a secure way you are the wrong person with the wrong job
>
> how come you ignore all the security-news at least of the
> recent two years? how come there is nobody in your company
> with the knowledge an admin needs?
>


-- 
Best Regards,
Su Heng
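
The setup described in the quoted text (one account per developer, sudo recorded in /var/log/secure) can be turned into a per-person audit trail; the following is an added example, not part of the original message. The host name, the accounts dev1 to dev3, the paths and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format sudo writes to /var/log/secure.
# Host name, accounts (dev1..dev3) and paths are made up for illustration.
SAMPLE_SECURE_LOG = """\
Aug  8 18:55:01 prd01 sshd[2211]: Accepted publickey for dev1 from 10.0.0.21 port 50122 ssh2
Aug  8 18:56:10 prd01 sudo:     dev1 : TTY=pts/0 ; PWD=/home/dev1 ; USER=jboss ; COMMAND=/bin/cp app.jar /opt/jboss/deploy/app.jar
Aug  8 18:58:42 prd01 sudo:     dev2 : TTY=pts/1 ; PWD=/opt/jboss/deploy ; USER=jboss ; COMMAND=/bin/rm old.jar
Aug  8 19:01:03 prd01 sudo:     dev3 : command not allowed ; TTY=pts/2 ; PWD=/home/dev3 ; USER=root ; COMMAND=/bin/bash
Aug  8 19:02:15 prd01 sudo:     dev1 : TTY=pts/0 ; PWD=/home/dev1 ; USER=root ; COMMAND=/sbin/service jboss restart
"""

# "<timestamp> <host> sudo: <invoking user> : <fields separated by ' ; '>"
SUDO_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssudo(?:\[\d+\])?:\s+"
    r"(?P<user>\S+) : (?P<body>.*)$"
)


def parse_sudo_events(text):
    """Return one dict per sudo log line; non-sudo lines are skipped."""
    events = []
    for line in text.splitlines():
        m = SUDO_LINE.match(line)
        if not m:
            continue
        # COMMAND is the last field and may contain ' ; ' itself, so cut it off first.
        head, _, command = m.group("body").partition("COMMAND=")
        fields, denied = {}, None
        for part in filter(None, (p.strip() for p in head.split(" ; "))):
            key, sep, value = part.partition("=")
            if sep:
                fields[key] = value
            else:
                denied = part  # e.g. "command not allowed"
        events.append({"time": m.group("ts"), "user": m.group("user"),
                       "runas": fields.get("USER"), "cwd": fields.get("PWD"),
                       "command": command, "denied": denied})
    return events


def commands_by_user(events):
    """Group events by the account that invoked sudo."""
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev["user"]].append(ev)
    return dict(by_user)


if __name__ == "__main__":
    for user, evs in commands_by_user(parse_sudo_events(SAMPLE_SECURE_LOG)).items():
        for ev in evs:
            status = "DENIED" if ev["denied"] else "ok"
            print(f'{ev["time"]} {user} -> {ev["runas"]} [{status}] {ev["command"]}')
```

sudo records only the command it was asked to run, so an entry such as `COMMAND=/bin/bash` marks the start of a shell whose later commands do not appear in this log.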