Monitoring Linux user account

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

Is it possible to logging/monitoring the activity of an user-account
on Linux ??

We are looking into using the command script to build up a monitoring
tool, but it seems like if you are having a little knowledge about
Linux you can get a workaround of the command and delete the log.

Best regards

Re: Monitoring Linux user account

On 15 Feb, 07:55, wrote:
Quoted text here. Click to load it

What you really want is a keystroke monitor. Unfortunately, they're
bloody awkward to integrate into a normal operating system and cause
damage at weird times.

There is often some logging with some shells, namely a .bash_history
file, but those are easily confused and edited. It's also possible to
monitor the network traffic between one machine and another, but that
presents a lot of data you normally don't care about.

Re: Monitoring Linux user account

On Thu, 14 Feb 2008 23:55:13 -0800 (PST) wrote:

Quoted text here. Click to load it

It is well possible -- theoretically.  You'll have to make sure that the
user only uses a specific set of binaries and libraries, and that they
cannot override this.  These binaries have to send logging information
to, say, syslog, i.e. some logging system, which is one-way from the
user perspective.

More realistically, this is overkill.  It sets your system under quite
some load for information, which is mostly useless.  Log the important
things instead, whatever that might be in your particular scenario.
That's much easier.

Monitoring is even worse.  Generally you just don't want to do that.
The disadvantages way outweigh the advantages.  It's about the same as
logging, but requires much more resources, and someone to actually look
at the monitor all the time.

Ertugrul S=C3=B6ylemez.

Site Timeline