Audit individual session
mohitanchlia@gmail.com 2006-09-08, 7:35 pm
I am looking for some very good suggestions to log activity that occurs
after individual login to UNIX. Scenario:
1. Log all the commands executed by the user after user login into the
UNIX account.
2. Also, if after login user "su" to other login, log all the commands
executed in that "su" login.
What I know is that this could be done by "scripts", but, we don't want
to use scripts because:
1. User can modify the files as it's accessible by him.
2. Also, because it could be easily turned off.
Is there any other better way? I looked at syslog, sulog etc, but none
of them gives me what I need. sulog just tells who logged in from which
IP.
UNIX being so powerful and profusion of utilities on it would have
something in store that suits my requirement. So here comes the
experience into play.

Michael Heiming 2006-09-10, 7:43 am
In comp.unix.admin mohitanchlia@gmail.com:
> I am looking for some very good suggestions to log activity that occurs
> after individual login to UNIX. Scenario:
> 1. Log all the commands executed by the user after user login into the
> UNIX account.
> 2. Also, if after login user "su" to other login, log all the commands
> executed in that "su" login.
> What I know is that this could be done by "scripts", but, we don't want
> to use scripts because:
> 1. User can modify the files as it's accessible by him.
> 2. Also, because it could be easily turned off.
Wrong.
> Is there any other better way? I looked at syslog, sulog etc, but none
Look into process accounting, this should do what you want.
--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo zvpunry@urvzvat.qr | PERL -pe 'y/a-z/n-za-m/'
#bofh excuse 80: That's a great computer you have there;
have you considered how it would work as a BSD machine?
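
An added example, not part of the thread: a sketch of how process accounting records can be used to rebuild one login session, following child processes across a "su". It assumes the Linux acct_v3 record layout on a little-endian host; the sample records, pids and uids are constructed, and parse_acct, session_commands and _rec are names made up for this illustration.

```python
import struct
from collections import namedtuple

# Linux struct acct_v3 (<linux/acct.h>): 64 bytes, little-endian host assumed.
ACCT_V3 = struct.Struct("<BBHIIIIIIf8H16s")
ASU = 0x02  # ac_flag bit: process used superuser privileges
Rec = namedtuple("Rec", "flag uid pid ppid btime comm")

def parse_acct(data):
    """Decode a buffer of acct_v3 records (the kernel appends one per process exit)."""
    recs = []
    for off in range(0, len(data) - ACCT_V3.size + 1, ACCT_V3.size):
        f = ACCT_V3.unpack_from(data, off)
        if f[1] != 3:
            raise ValueError(f"record at offset {off} is not acct_v3")
        comm = f[18].split(b"\0", 1)[0].decode("ascii", "replace")
        recs.append(Rec(f[0], f[4], f[6], f[7], f[8], comm))
    return recs

def session_commands(recs, login_pid):
    """(btime, uid, comm) for every descendant of login_pid, including across su."""
    members, grew = {login_pid}, True
    while grew:  # children exit (and are logged) before parents: iterate to a fixpoint
        grew = False
        for r in recs:
            if r.ppid in members and r.pid not in members:
                members.add(r.pid)
                grew = True
    hits = [r for r in recs if r.pid in members and r.pid != login_pid]
    return [(r.btime, r.uid, r.comm) for r in sorted(hits, key=lambda r: r.btime)]

def _rec(flag, uid, pid, ppid, btime, comm):
    """Build one constructed record for the sample below."""
    return ACCT_V3.pack(flag, 3, 0, 0, uid, uid, pid, ppid, btime, 0.0,
                        *([0] * 8), comm.encode())

# Constructed sample: uid 1001 logs in (shell pid 4100), runs ls, then su to root.
SAMPLE = b"".join([
    _rec(0,   1001, 4101, 4100, 100, "ls"),
    _rec(ASU, 0,    4104, 4103, 120, "vi"),
    _rec(0,   0,    4103, 4102, 111, "bash"),
    _rec(ASU, 0,    4102, 4100, 110, "su"),
    _rec(0,   1002, 5000, 4900, 105, "cat"),   # another user's session
    _rec(0,   1001, 4100, 4099, 90,  "bash"),  # login shell exits last
])

if __name__ == "__main__":
    for btime, uid, comm in session_commands(parse_acct(SAMPLE), 4100):
        print(btime, uid, comm)
```

The records hold only a truncated command name, not its arguments, and the pid/ppid walk assumes no PID reuse within the file being read.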