[aklug] Re: Security logs

From: William Attwood <wattwood@gmail.com>
Date: Mon Jul 28 2008 - 11:31:37 AKDT

/var/log/secure will show all logins *success, fail, where from*
/home/{user}/.bash_history will show all activity, unless someone deletes
that activity, or you're not using bash. It's per-user.

You can start there.

--Will

On Mon, Jul 28, 2008 at 1:17 PM, Jenkinson, John P (SAIC) <
John.Jenkinson@bp.com> wrote:

> or use user's shell history file(s)
> iff process accounting is enabled and turned on, the process accounting
> subsystem can produce a report of what they did.
> then there are the logs in /var/log to add more information.
> really depends on what they're looking for.
> a detailed forensic investigation can show more and take into account
> the fact that this user might be hiding their tracks.
>
> -----Original Message-----
> From: aklug-bounce@aklug.org [mailto:aklug-bounce@aklug.org] On Behalf
> Of Jon Reynolds
> Sent: Monday, July 28, 2008 11:04 AM
> To: aklug@aklug.org
> Subject: [aklug] Re: Security logs
>
> Christopher Howard wrote:
> > Hello. My brother in the Navy e-mailed me this question, but I don't
> > know much about Linux security logs:
> > Hey Chris,
> >
> > Question of high importance:
> > Is there a log in LINUX that shows who was logged in when, and what
> > they did while logged on?
> > This is very important.
> > Thanks,
> > Weston
>
>
> man wtmp
>
> There is a program called 'last' that will show who was logged in last,
> oddly enough. As for what they did, you could see when they logged in
> and then check for any file whose time stamp was updated during their
> session.
>
>
> Jon
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.

Received on Mon Jul 28 11:31:50 2008

This archive was generated by hypermail 2.1.8 : Mon Jul 28 2008 - 11:31:50 AKDT
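
An added example, not part of the original thread: one way to pull the "success, fail, where from" view out of /var/log/secure, assuming the usual OpenSSH `Accepted`/`Failed ... for USER from ADDR port N` message format. The function names and the sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample in the format sshd writes to /var/log/secure.
# Hosts, users and addresses are made up (documentation IP ranges).
sample_secure_log() {
  cat <<'EOF'
Jul 28 09:58:11 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.9 port 40022 ssh2
Jul 28 09:58:15 host1 sshd[2101]: Failed password for root from 203.0.113.9 port 40022 ssh2
Jul 28 10:02:40 host1 sshd[2140]: Accepted password for weston from 192.0.2.15 port 51514 ssh2
Jul 28 10:03:01 host1 su: pam_unix(su:session): session opened for user root by weston(uid=500)
Jul 28 10:47:12 host1 sshd[2305]: Accepted publickey for chris from 198.51.100.7 port 33870 ssh2
Jul 28 10:51:30 host1 sshd[2311]: Failed password for invalid user from nowhere from 203.0.113.9 port 40100 ssh2
EOF
}

# summarize_logins [FILE]: one line per sshd password/key authentication
# result, read from FILE or from stdin when FILE is omitted.
summarize_logins() {
  awk '
    $5 ~ /^sshd\[/ && ($6 == "Accepted" || $6 == "Failed") && $8 == "for" {
      # The real "from" is the one followed by "<addr> port"; search from the
      # right so a user name containing "from" cannot shift the source field.
      f = 0
      for (i = NF - 2; i > 8; i--)
        if ($i == "from" && $(i + 2) == "port") { f = i; break }
      if (!f) next
      s = ($9 == "invalid" && $10 == "user") ? 11 : 9
      user = $s
      for (i = s + 1; i < f; i++) user = user " " $i
      printf "%s %s %s %s user=\"%s\" from=%s\n", $1, $2, $3,
             ($6 == "Accepted" ? "success" : "fail"), user, $(f + 1)
    }' "${1:--}"
}

# failed_by_source [FILE]: count of failed logins per source address.
failed_by_source() {
  summarize_logins "${1:--}" |
    awk '$4 == "fail" { a = $NF; sub(/^from=/, "", a); n[a]++ }
         END { for (a in n) print n[a], a }' | sort -rn
}

# Demo on the constructed sample; on a real host pass /var/log/secure instead.
sample_secure_log | summarize_logins
sample_secure_log | failed_by_source
```

The user name in these messages is supplied by whoever is connecting, which is why the parser locates the source address from the fixed tail of the line rather than from the first "from" it sees.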