nixCraft: How to Keep a Detailed Audit Trail of What's Being Done on Your Linux Systems

[ Thanks to An Anonymous Reader for this link. ]

"Intrusions can take place from both authorized (insiders) and unauthorized (outsiders) users. My personal experience shows that unhappy user can damage the system, especially when they have a shell access. Some users are little smart and removes history file (such as ~/.bash_history) but you can monitor all user executed commands.

"It is recommended that you log user activity using process accounting. Process accounting allows you to view every command executed by a user including CPU and memory time..."

Complete Story

Related Stories:

• SearchOpenSource: Host Intrusion Detection with OSSEC(Oct 13, 2006)
• HowtoForge: Securing Your Server With A Host-based Intrusion Detection System(Sep 21, 2006)
• Port 25: Honeypots and User-Mode-Linux (UML)(Jul 25, 2006)