Hi,
I would like to know if there is any way that I can pinpoint the user before/after he connects to the root? Also, I'm trying to find out what are the commands he inputs under root access.
Check if your OS has any auditing facilities that might provide something like this.
It might also be interesting to enable an su log - on Linux, for example, it is /etc/login.defs, enabling some SU related variables that might write, for example, /var/log/sulog for new logins. It will at least show when which user su'ed.
Can you suggest any auditing facility that I may use wherein I can pinpoint the root user and the commands he/she inputs? Also, is it possible to automate that system's auditing process?
For what operating system and version?
I'm currently using Ubuntu version 6.06
Hi
use this command:
history
It will display the command history, but I am not sure whether in Ubuntu it will be
for all users or for the current user.
Also, you can save the output of this command:
history > output.txt
Best Regards
Google says there is an auditd for Ubuntu/Debian etc. that should be what you are looking for.
If you want more info, use the following string in Google: ubuntu auditing
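
One way to answer both questions with auditd, added here as an example and not posted by anyone in the thread: the audit log records the login UID (`auid`), which stays the same after `su`, next to the effective UID, so root commands can be attributed to the account that originally logged in. The rule in the comment, the 64-bit architecture, the UID threshold of 1000 and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Rule assumed to be loaded in auditd (e.g. via /etc/audit/audit.rules):
#   -a always,exit -F arch=b64 -S execve -F euid=0 -F auid>=1000 -F auid!=4294967295 -k rootcmd
# auid is the login UID; it does not change when the user runs su or sudo.
# Constructed sample records in audit.log format (not taken from a real system).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1158000000.101:501): arch=c000003e syscall=59 success=yes exit=0 ppid=4120 pid=4133 auid=1000 uid=0 gid=0 euid=0 tty=pts0 comm="cat" exe="/bin/cat" key="rootcmd"
type=EXECVE msg=audit(1158000000.101:501): argc=2 a0="cat" a1="/etc/shadow"
type=SYSCALL msg=audit(1158000007.250:502): arch=c000003e syscall=59 success=yes exit=0 ppid=4150 pid=4161 auid=1001 uid=0 gid=0 euid=0 tty=pts1 comm="useradd" exe="/usr/sbin/useradd" key="rootcmd"
type=EXECVE msg=audit(1158000007.250:502): argc=2 a0="useradd" a1="tmpuser"
type=SYSCALL msg=audit(1158000009.900:503): arch=c000003e syscall=59 success=yes exit=0 ppid=4200 pid=4201 auid=1000 uid=1000 gid=1000 euid=1000 tty=pts0 comm="ls" exe="/bin/ls" key=(null)
type=EXECVE msg=audit(1158000009.900:503): argc=1 a0="ls"
"""

HEADER = re.compile(r'^type=(\w+) msg=audit\((\d+)\.\d+:(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """auditd quotes plain strings and hex-encodes ones with spaces or control bytes."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value

def root_commands(log_text):
    """Return {auid: [(epoch, command line), ...]} for execve events run with euid 0."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, epoch, serial, rest = m.groups()
        fields = dict(FIELD.findall(rest))
        ev = events[serial]  # SYSCALL and EXECVE records of one event share a serial
        if rtype == "SYSCALL":
            ev.update(epoch=int(epoch), auid=int(fields["auid"]), euid=int(fields["euid"]))
        elif rtype == "EXECVE":
            argc = int(fields["argc"])
            ev["argv"] = [decode(fields.get(f"a{i}", "?")) for i in range(argc)]
    report = defaultdict(list)
    for ev in events.values():
        if ev.get("euid") == 0 and "argv" in ev:
            report[ev["auid"]].append((ev["epoch"], " ".join(ev["argv"])))
    return dict(report)
```

Unlike shell history, these records are written by the kernel audit subsystem, so the user running the commands cannot leave them out by unsetting or editing a history file.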