[logs] How to log - commands and file access
Stephen John Smoogen
smooge at gmail.com
Fri Nov 9 11:10:38 PST 2007
On Nov 9, 2007 1:25 AM, <david.bigot at devoteam.com> wrote:
>
> Hello,
>
> I want to know, for a customer, how to log automatically on UNIX and Linux
> systems:
> - all commands executed (in BASH, ZSH & co ...). I know about the file
> ~/.(ba)sh_history but I prefer a global file or through syslog.
> - all file access by process and username in real-time (not static) or if
> it's not possible, which process and username access some files (or
> directories) like /etc/shadow, /data/ ...
>
Depending on the OS and its capabilities, you can do so through
various 'auditing' programs. For most modern Linux(s) you can
accomplish part of this via
1) lastcomm (via psacct program)
2) audit
3) creating a policy that will cover the files you want.
> Regards,
> ----------------------------------------------------------------------
> David Bigot - Security Consultant
> Apogée Communications - Groupe DEVOTEAM
> 86, rue Anatole France
> 92300 Levallois-Perret
> telephone: ()1.41.49.58.04
> email: david.bigot at apogee-com.fr
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis at loganalysis.org
> http://www.loganalysis.org/mailman/listinfo/loganalysis
>
--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
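
An added example, not part of the original post: a sketch of how audit watch rules on the files named in the question can be turned into a "who touched what" report by correlating SYSCALL and PATH records. The rule key names and the sample log records are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Rules assumed loaded via auditctl (key names are hypothetical):
#   -w /etc/shadow -p rwa -k shadow-access
#   -w /data/ -p rwa -k data-access
#   -a always,exit -F arch=b64 -S execve -k cmd-exec
# Constructed sample records in audit.log layout (not from a real host).
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1194635438.101:421): arch=c000003e syscall=2 success=yes exit=3 items=1 ppid=2001 pid=2045 auid=1000 uid=0 gid=0 euid=0 comm="cat" exe="/bin/cat" key="shadow-access"
type=PATH msg=audit(1194635438.101:421): item=0 name="/etc/shadow" inode=131 mode=0100400 ouid=0 ogid=0
type=SYSCALL msg=audit(1194635440.552:422): arch=c000003e syscall=59 success=yes exit=0 items=2 ppid=2001 pid=2046 auid=1000 uid=1000 gid=1000 euid=1000 comm="ls" exe="/bin/ls" key="cmd-exec"
type=PATH msg=audit(1194635440.552:422): item=0 name="/bin/ls" inode=77 mode=0100755 ouid=0 ogid=0
type=PATH msg=audit(1194635440.552:422): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=90 mode=0100755 ouid=0 ogid=0
type=SYSCALL msg=audit(1194635451.007:423): arch=c000003e syscall=2 success=no exit=-13 items=1 ppid=2001 pid=2050 auid=1001 uid=1001 gid=1001 euid=1001 comm="vi" exe="/usr/bin/vi" key="data-access"
type=PATH msg=audit(1194635451.007:423): item=0 name="/data/payroll.csv" inode=512 mode=0100600 ouid=0 ogid=0
'''
HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+:\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group records by 'timestamp:serial'; all records of one event share it."""
    events = defaultdict(lambda: {"syscall": None, "paths": []})
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # skip truncated or foreign lines
        rtype, stamp, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if rtype == "SYSCALL":
            events[stamp]["syscall"] = fields
        elif rtype == "PATH":
            events[stamp]["paths"].append(fields.get("name", "?"))
    return events

def accesses(text, key):
    """Return (auid, uid, exe, success, path) rows for events tagged with key."""
    rows = []
    for ev in parse_events(text).values():
        sc = ev["syscall"]
        if sc and sc.get("key") == key:
            rows += [(sc["auid"], sc["uid"], sc["exe"], sc["success"], p) for p in ev["paths"]]
    return rows

if __name__ == "__main__":
    for k in ("shadow-access", "data-access", "cmd-exec"):
        for row in accesses(SAMPLE_LOG, k):
            print(k, *row)
```

The auid column is the login UID, which stays the same across su or sudo, so the first sample event attributes a root read of /etc/shadow to the account that originally logged in. On a live host, `ausearch -k <key> -i` gives the same correlation with IDs resolved to names.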