Need to see what ther Root users are doing while logged in to terminal
Results 1 to 3 of 3

Thread: Need to see what ther Root users are doing while logged in to terminal

Hybrid View

  1. #1
    Junior Member
    Join Date
    Jul 2003
    Posts
    18

    Need to see what ther Root users are doing while logged in to terminal

    I have a server that i need to monitor what the .bash_history file for the root user already logged in to the server

    I am logged in as root and have another person logged on as root and i want to monitor what they are doing:


    root ? :0 2010-10-19 11:54
    root + pts/1 2010-10-22 02:27 (192.168.170.1)
    root + pts/2 2010-10-19 11:59 (:0.0)
    root + pts/3 2010-10-22 03:41 (192.168.170.1)

    I am using pts/1 and other person is using pts/3 i want to see what they are doing and need to know how to do this with out scripting something to monitor activity.

    thanks.

  2. #2
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    ??????????????????

    1. Why are two people logged in as root, come to think of it, why is anybody logged in as root?

    2. Is this a legitimate root user or an intruder. The reason I ask is that it is reasonable to expect that if it is an intruder, they will attempt to obfuscate their activities and delete any evidence of what they have done?

    3. Is this a local access or remote?

    4. Is the requirement for historical, real time or both data?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    Not sure if this is what you want, but try this...

    watch -n 10 -d ls -l /root/.bash_history

    This watch command will run every 10 seconds and display the differences in the bash history file that have occurred since the last run of this command.

    However, you wont be able to ascertain which commands were executed by the various root sessions. It will simply tell you the commands that have been executed by user root. This will run real time.

    CSR
    In God We Trust....Everything else we backup.

Similar Threads

  1. Creating a Secure SUSE Linux server for FTP and SSH
    By gore in forum The Security Tutorials Forum
    Replies: 3
    Last Post: March 16th, 2005, 10:33 PM
  2. The Worlds Longest Thread!
    By Noble Hamlet in forum AntiOnline's General Chit Chat
    Replies: 1100
    Last Post: March 17th, 2002, 09:38 AM
  3. Bofh
    By ac1dsp3ctrum in forum AntiOnline's General Chit Chat
    Replies: 2
    Last Post: February 17th, 2002, 10:52 AM
  4. Sudo: A better way to secure root
    By Matty_Cross in forum Security Archives
    Replies: 1
    Last Post: January 4th, 2002, 05:21 PM
  5. Protecting the root account.
    By UberC0der in forum Security Archives
    Replies: 5
    Last Post: December 28th, 2001, 10:16 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •