Monitoring Linux user account - Security


Thread: Monitoring Linux user account

  1. Monitoring Linux user account

    Hi,

    Is it possible to log/monitor the activity of a user account
    on Linux?

    We are looking into using the command script to build up a monitoring
    tool, but it seems that if you have a little knowledge of
    Linux you can work around the command and delete the log.

    Best regards
    Tom

  2. Re: Monitoring Linux user account

    On 15 Feb, 07:55, tof...@gmail.com wrote:
    > Hi,
    >
    > Is it possible to log/monitor the activity of a user account
    > on Linux?
    >
    > We are looking into using the command script to build up a monitoring
    > tool, but it seems that if you have a little knowledge of
    > Linux you can work around the command and delete the log.
    >
    > Best regards
    > Tom


    What you really want is a keystroke monitor. Unfortunately, they're
    bloody awkward to integrate into a normal operating system and cause
    damage at weird times.

    There is often some logging with some shells, namely a .bash_history
    file, but those are easily confused and edited. It's also possible to
    monitor the network traffic between one machine and another, but that
    presents a lot of data you normally don't care about.

  3. Re: Monitoring Linux user account

    On Thu, 14 Feb 2008 23:55:13 -0800 (PST)
    tofran@gmail.com wrote:

    > Is it possible to log/monitor the activity of a user account
    > on Linux?
    >
    > We are looking into using the command script to build up a monitoring
    > tool, but it seems that if you have a little knowledge of
    > Linux you can work around the command and delete the log.


    It is well possible -- theoretically. You'll have to make sure that the
    user only uses a specific set of binaries and libraries, and that they
    cannot override this. These binaries have to send logging information
    to, say, syslog, i.e. some logging system, which is one-way from the
    user perspective.

    More realistically, this is overkill. It puts your system under quite
    some load for information that is mostly useless. Log the important
    things instead, whatever that might be in your particular scenario.
    That's much easier.

    Monitoring is even worse. Generally you just don't want to do that.
    The disadvantages way outweigh the advantages. It's about the same as
    logging, but requires much more resources, and someone to actually look
    at the monitor all the time.


    Regards,
    Ertugrul Söylemez.
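
The contrast drawn in posts 2 and 3 above, as an added example that is not part of the thread: a user-writable `.bash_history` checked against a copy of the same commands held on a log host the user cannot write to. The `cmdlog` tag, the `user=... cmd=...` line layout, the function names and all sample data are constructed assumptions.

```shell
#!/bin/sh
# Assumed (hypothetical) line format on the log host, e.g. from a logger hook:
#   <timestamp> <host> cmdlog[<pid>]: user=<name> cmd=<command line>

# Print the commands the log host recorded for one user.
logged_cmds() {            # $1 = syslog copy, $2 = user name
    awk -v u="$2" '
    {
        i = index($0, "]: ")                  # end of the syslog header
        if (i == 0) next
        if (substr($0, 1, i) !~ / cmdlog\[[0-9]+\]$/) next
        pre = "user=" u " cmd="               # must start the message, so
        msg = substr($0, i + 3)               # command text cannot spoof it
        if (substr(msg, 1, length(pre)) != pre) next
        print substr(msg, length(pre) + 1)
    }' "$1"
}

# Print logged commands that are absent from the user-writable history.
# A deleted or emptied history file reports every logged command.
missing_from_history() {   # $1 = syslog copy, $2 = history file, $3 = user
    logged_cmds "$1" "$3" | awk -v hist="$2" '
    BEGIN { while ((getline line < hist) > 0) seen[line] = 1 }
    !($0 in seen)'
}

# Constructed sample data (not from the thread).
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
cat > "$DEMO/syslog" <<'EOF'
Feb 15 08:01:12 host1 cmdlog[2211]: user=tom cmd=ls -la /srv
Feb 15 08:01:40 host1 cmdlog[2211]: user=tom cmd=cp /srv/report.txt /tmp/
Feb 15 08:02:03 host1 cmdlog[2302]: user=ann cmd=uptime
Feb 15 08:02:15 host1 cmdlog[2211]: user=tom cmd=rm /tmp/report.txt
Feb 15 08:02:20 host1 cmdlog[2302]: user=ann cmd=echo user=tom cmd=whoami
Feb 15 08:02:30 host1 sshd[991]: Accepted publickey for tom
EOF
printf 'ls -la /srv\n' > "$DEMO/history"   # history after the user edited it

# Commands the log host saw from tom that his history no longer shows.
missing_from_history "$DEMO/syslog" "$DEMO/history" tom
```

The comparison only means something if the syslog copy lives where the monitored account cannot edit it, which is the one-way property post 3 asks for.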


  4. Re: Monitoring Linux user account

    On Thu, 2008-02-14 at 23:55 -0800, tofran@gmail.com wrote:
    > Hi,
    >
    > Is it possible to log/monitor the activity of a user account
    > on Linux?
    >
    > We are looking into using the command script to build up a monitoring
    > tool, but it seems that if you have a little knowledge of
    > Linux you can work around the command and delete the log.


    You'd have to go to a more policy-controlled environment, where root
    doesn't even have all power... e.g. SELinux.

    Then you could create such a beast. With all of the pains of
    SELinux though...

    >
    > Best regards
    > Tom


