linux
zhynna, 2015-08-07 15:28:20

Auditing user actions in Linux - how?

There is a local server with Linux.
There are a couple dozen ordinary users of this server.
Users do not have elevated rights, and log into the local server using ssh.
For each user on the local server, a key pair (public and private) is generated using ssh-keygen. User public keys are distributed to remote servers (Linux/AIX/BSD) using ssh-copy-id [email protected] I.e., users can access remote servers as root using keys.
The task is to log all user actions on remote servers.
We cannot do anything on the remote servers, there is no way to log in, i.e. all logging should be done on the local server.
Question - how? So far I haven't found a good solution :-(


4 answer(s)
Vlad Zhivotnev, 2015-08-07
@zhynna

Replace the shell /bin/bash with a call to bash wrapped in the script utility.
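One way to build the wrapper this answer suggests, as an added example that is not part of the original answer. The script name `session-shell` and the `LOG_ROOT` path are assumptions; it would be installed on the local server and set as the users' login shell.

```shell
#!/bin/sh
# Added example: login-shell wrapper (hypothetical name: session-shell).
# Assumption: LOG_ROOT/<user> exists or can be created by the user.
LOG_ROOT="${LOG_ROOT:-/var/log/user-sessions}"

# Per-session transcript path: <root>/<user>/<UTC stamp>.<pid>.log
# The user name is reduced to a safe set so it cannot escape LOG_ROOT.
session_log_path() {
    safe=$(printf '%s' "$1" | tr -c 'A-Za-z0-9_.-' '_')
    case "$safe" in ''|.|..) safe=unknown ;; esac
    printf '%s/%s/%s.%s.log\n' "$LOG_ROOT" "$safe" "$2" "$3"
}

# sshd starts the login shell as "<shell> -c <command>" for scp, rsync and
# "ssh host cmd"; with no arguments it is an interactive login.
session_mode() {
    if [ "${1:-}" = "-c" ] && [ -n "${2:-}" ]; then
        echo command
    else
        echo interactive
    fi
}

main() {
    log=$(session_log_path "$(id -un)" "$(date -u +%Y%m%dT%H%M%SZ)" "$$")
    mkdir -p "${log%/*}" || exit 1
    # script(1) starts $SHELL; point it at the real shell so the wrapper
    # does not re-enter itself.
    SHELL=/bin/bash; export SHELL
    if [ "$(session_mode "$@")" = command ]; then
        # A pty would corrupt binary streams: record the command line only.
        printf '%s\n' "$2" >> "$log"
        exec /bin/bash -c "$2"
    fi
    # Interactive: record everything shown on the terminal, including the
    # output of ssh sessions opened from here to the remote servers.
    exec script -q -f -c "/bin/bash -l" "$log"
}

# Start a session only when invoked under the installed name.
case "${0##*/}" in session-shell) main "$@" ;; esac
```

Because `script` runs as the logged-in user, the transcript is writable by that user; forward it off the host or protect it separately before treating it as an audit record.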

Saboteur, 2015-08-07
@saboteur_kiev

Why are you giving root permissions to users? What exactly should they do?
You can easily configure sudoers to allow users to sudo only certain commands.
If they need to be able to restart some service, write a script, set r-x permissions on it, and allow only this script in sudoers.
If you need monitoring, then set up monitoring, and do not give users root to poke around manually.
You can specify the goal of the problem at a higher level of abstraction, since the inconvenience of a technical solution is very often associated with an incorrect approach to solving the problem as a whole.

Andrey Burov, 2015-08-07
@BuriK666

Write a suid application that runs https://asciinema.org/, writes the data somewhere, and runs an ssh client.

alexander sm1ly, 2015-09-09
@sm1ly

You have 2 options.
1. paid fudo
2. lshell
