Need to track which users are making changes to production files. I have a small number of administrators with access to su, but need to be able to identify which administrator is making changes to which files after they have su.
I have read several post and articles regarding auditd tool, but it is not clear to me whether this tool can generate a log that shows the original user and file being altered.
HELP!!!
as far as i know the default setup of /var/log/messages will show who
becomes root, and at what time…but, i do not know what (if anything)
automatically (or with setup) logs who touches what and when…
–
DenverD
CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]
On 07/22/2010 01:03 PM, DenverD wrote:
> as far as i know the default setup of /var/log/messages will show who
> becomes root, and at what time…but, i do not know what (if anything)
> automatically (or with setup) logs who touches what and when…
Impress on them the need to use sudo rather than su by revoking root privilege
from any user that disobeys the suggestion. Then the command that was run will
be logged.
Larry Finger wrote:
> Impress on them the need to use sudo rather than su by revoking root
> privilege from any user that disobeys the suggestion. Then the command
> that was run will be logged.
excellent!
–
DenverD
CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]