开发者

Can user activity be captured on a unix server with bash or Python

I work off a server along with a number of other people, who, because of unexplained occurrences, change files, symlinks, etc. Unfortunately, all have the same level of file system rights. Is there a straightforward开发者_开发知识库 way to capture activity: login/logout time (I know the 'last' command shows this), files changed (deleted, added, etc.), and symlinks created, changed or deleted? I'm wondering if it's more straight forward to do something like this in bash or Python, and which direction to go? Thanks for all help.


First, you really should lock your user accounts down on your server. But if you really want to monitor activity within the file system, you've got a couple of options.

  1. Write a script to parse their bash history on logout, and save the log out time (poor)
  2. Install iwatch, then point it at the locations to monitor, and write a script to record pertinent information whenever something changes to a log file.

If you want to monitor user activity, as if you are watching over their shoulder, that's a little harder. Especially because some things, such as sftp, don't actually make any entries in bash_history. It's an entirely different subsystem.

The best thing to do is just monitor the areas of the filesystem that the users have access to for changes and log them, which is another reason to lock down your users. Linux has user folders for a reason. Everybody gets their own sandbox so that they don't touch each other.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜