  1. #1

    Log user activity.

    Hi.

    'The one in charge' asked me to hand over login details to a server hardening guy to look at, as Google thinks we have suffered a 302 redirect hijack, showing 3 million pages on the site.

    I assume they will want root login, which, I know they can be trusted, but is there another way? Will it be possible to log the activities of a certain user? I think I will add a new superuser account for them (If anyone could hint on a command / adduser flag that would be great!).

    Am using CentOS.

    Thanks.
    Carl.

  2. #2
    Join Date
    Dec 2004
    Location
    Washington, DC
    Posts
    787
    Code:
    useradd
    (Assuming they are going to use bash), you can always check their .bash_history file; however they /could/ delete/clear that file, being a user with full-root privileges.

  3. #3
    Join Date
    Apr 2003
    Location
    UK
    Posts
    2,560
    grsecurity can be set up to log all actions by specific users to syslog (which can be sent off remotely).

  4. #4
    Join Date
    Mar 2005
    Location
    Maine, USA
    Posts
    302
    I'd recommend setting up a regular user account for the hired tech and then give them full sudo access. Sudo logs all commands to /var/log/secure or to messages or other places depending on the setup.

    useradd hiredtech
    passwd hiredtech
    visudo
    # in the editor that visudo opens, add this line to /etc/sudoers:
    hiredtech ALL=(ALL) ALL

    This allows the hiredtech to run all commands on all servers at all times. Then, if you have issues with the hiredtech, you can comment out that line in the /etc/sudoers file.

    A sudo package should be available for most Linux distros.
    For CentOS/RHEL, if you do not have it, then run
    yum install sudo

  5. #5
    Hi.

    .bash_history should be fine.

    With regards to the new superuser, the sudoer thing doesn't seem to give root-equivalent access. For example, I have a htdocs directory that is not accessible by anyone; however, I am able to view the files as the 'hiredtech' but not edit them. Any ideas?

    Thanks for your help - much appreciated!

  6. #6
    Join Date
    Nov 2001
    Location
    Philadelphia, Pa
    Posts
    949
    He has to:
    sudo su -
    before he gets root access.
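
An added example, not code from any post in this thread: a small parser for the sudo entries that post #4 says land in /var/log/secure, listing what one account ran and marking the point where it opened a root shell (as with the `sudo su -` in post #6), after which sudo records nothing further about what is typed. The log lines, host name `web01` and function name `audit` are constructed for illustration.

```python
import os
import re

# Constructed sample in the format sudo writes to /var/log/secure on CentOS.
SAMPLE_LOG = """\
Mar  3 10:15:01 web01 sudo: hiredtech : TTY=pts/0 ; PWD=/home/hiredtech ; USER=root ; COMMAND=/bin/ls -la /var/www/htdocs
Mar  3 10:16:40 web01 sudo:     carl : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/yum install sudo
Mar  3 10:18:12 web01 sudo: hiredtech : TTY=pts/0 ; PWD=/home/hiredtech ; USER=root ; COMMAND=/bin/su -
Mar  3 10:18:15 web01 su: pam_unix(su-l:session): session opened for user root by hiredtech(uid=0)
Mar  3 11:02:09 web01 sudo: hiredtech : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/vi /etc/sudoers
"""

SUDO_LINE = re.compile(
    r"^(?P<time>\w{3}\s+\d+ [\d:]{8}) \S+ sudo(?:\[\d+\])?:"
    r"\s+(?P<user>\S+) : (?P<rest>.*)$")
SHELLS = {"su", "sh", "bash", "dash", "ksh", "zsh", "csh", "tcsh"}

def audit(log_text, user):
    """Return one record per sudo event logged for `user`."""
    records = []
    for line in log_text.splitlines():
        m = SUDO_LINE.match(line)
        if not m or m.group("user") != user:
            continue
        # COMMAND= is always last and may itself contain " ; ", so cut it off first.
        head, _, command = m.group("rest").partition("COMMAND=")
        fields, reason = {}, ""
        for part in filter(None, (p.strip() for p in head.split(" ; "))):
            key, sep, value = part.partition("=")
            if sep:
                fields[key] = value
            else:
                reason = part  # free-text failure reason, e.g. bad password
        argv = command.split()
        if reason:
            note = "refused: " + reason
        elif argv and os.path.basename(argv[0]) in SHELLS:
            note = "root shell: commands typed inside it are not logged by sudo"
        else:
            note = ""
        records.append({"time": m.group("time"), "tty": fields.get("TTY"),
                        "pwd": fields.get("PWD"), "runas": fields.get("USER"),
                        "command": command, "note": note})
    return records

if __name__ == "__main__":
    for r in audit(SAMPLE_LOG, "hiredtech"):
        print(r["time"], r["runas"], r["command"], "|", r["note"])
```

Run it against a copy of the log kept off the server, since an account with full sudo rights can edit /var/log/secure as easily as .bash_history.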
