any way to track commands of a user logged in through ssh 2299
lnxnubie
Even if I do as u implied above, the logs just give me the time stamp and not the user running the particular command to stop the sshd service..and if I compare the time stamp with the last command...it still does not give me enough evidence to point a finger at someone with the confidence. For eg..
If A logs in at 10:00 and runs serviceetc-rc.d-init.d-sshd stop at 10:20, the logs do not provide me with the username. May be some one else can log in at 10:10 and useetc-rc.d-init.d-sshd stop command...
..Jeremiah DeWitt Weiner.. Even sudo does not provide enough logging to give me enough confdence to catch the culprit. It just provides me the logs as to when the user logged in using sudo..As an eg..I used #sudo su -
Unruh dafyddj... ..What aboutvar-log-auth.log ? .. yes it will show me who logged in from where but still it will not tell me what...
Now when the user did #sudo su-
You were right! There was no cable between CDROM drive and sound card (actually sound...
#service postgresql stop
the logs just gave me the pointers to when the user logged in using sudo..and that a session for postgres user was opened and closed...
I was planning on writing a script using #last which provides me with the tty on which a user "A" logged in using ssh. Using the tty I was planning on finding out what commands were run on that terminal..This will also eliminate any doubts if some other user "X" ran the commands on a terminal at the same time that the user "A" was logged in using ssh...`top` command does give me the terminal on which the particular command was run...
Please advise..
Thanks Danish
any way to track commands of a user logged in through ssh 2300
Linux groups from Newsgroups
any way to track commands of a user logged in through ssh 2298