[aklug] Re: Security logs

From: Jenkinson, John P (SAIC) <John.Jenkinson@bp.com>
Date: Mon Jul 28 2008 - 11:17:12 AKDT

or use user's shell history file(s)
iff process accounting is enabled and turned on, the process accounting subsystem
can produce a report of what they did.
then there are the logs in /var/log to add more information.
really depends on what they're looking for.
a detailed forensic investigation can show more and take into account the
fact that this user might be hiding their tracks.

-----Original Message-----
From: aklug-bounce@aklug.org [mailto:aklug-bounce@aklug.org] On Behalf Of Jon Reynolds
Sent: Monday, July 28, 2008 11:04 AM
To: aklug@aklug.org
Subject: [aklug] Re: Security logs

Christopher Howard wrote:
> Hello. My brother in the Navy e-mailed me this question, but I don't
> know much about Linux security logs:
> Hey Chris,
>
> Question of high importance:
> Is there a log in LINUX that shows who was logged in when, and what they did while logged on?
> This is very important.
> Thanks,
> Weston

man wtmp

There is a program called 'last' that will show who was logged in last,
oddly enough. As for what they did, you could see when they logged in
and then check for any file whose time stamp was updated during their
session.

Jon
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.

Received on Mon Jul 28 11:17:30 2008
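
The approach suggested in the thread (take session times from 'last', then look for files whose time stamp falls inside a session), as an added example that is not part of either poster's message. The `last -F` sample is constructed, the function names are hypothetical, and because mtimes can be reset by the user the hits are leads rather than proof.

```python
import os
import re
from datetime import datetime

# Timestamp as printed by `last -F`, e.g. "Mon Jul 28 09:02:11 2008"
TS = re.compile(r"[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4}")
FMT = "%a %b %d %H:%M:%S %Y"

# Constructed sample of `last -F` output (not taken from a real system).
SAMPLE_LAST = """\
weston   pts/0        10.0.0.5         Mon Jul 28 09:02:11 2008 - Mon Jul 28 10:47:35 2008  (01:45)
chris    tty1                          Mon Jul 28 08:00:00 2008 - Mon Jul 28 08:10:00 2008  (00:10)
weston   pts/1        10.0.0.5         Sun Jul 27 22:15:40 2008 - Sun Jul 27 22:20:02 2008  (00:04)
"""

def sessions(last_output, user, now=None):
    """Return [(login, logout)] for `user`, in local time as `last` prints it."""
    out = []
    for line in last_output.splitlines():
        fields = line.split()
        if not fields or fields[0] != user:
            continue
        stamps = [datetime.strptime(s, FMT) for s in TS.findall(line)]
        if len(stamps) == 2:
            out.append((stamps[0], stamps[1]))
        elif len(stamps) == 1 and "still logged in" in line:
            out.append((stamps[0], now or datetime.now()))
        # Lines ending in "crash" or "down" carry no logout time and are skipped.
    return out

def touched_during(root, windows):
    """Return [(path, mtime)] for files under root modified inside any window."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                m = datetime.fromtimestamp(os.lstat(path).st_mtime)
            except OSError:
                continue  # file vanished or is unreadable
            if any(start <= m <= end for start, end in windows):
                hits.append((path, m))
    return sorted(hits, key=lambda h: h[1])

if __name__ == "__main__":
    for path, m in touched_during(".", sessions(SAMPLE_LAST, "weston")):
        print(m, path)
```

On a live system, feed `sessions()` the text captured from `last -F` instead of the sample.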

This archive was generated by hypermail 2.1.8 : Mon Jul 28 2008 - 11:17:30 AKDT