I log on to a lot of different servers at work to do some tasks and install new software. However, sometimes I find myself wanting to know what has been done to the computer recently. This usually involves me going through log files and just observing the filesystem for new folders/files (usually in /tmp).
Is there some kind of a master log file which logs all (or nearly all) "activity" on the computer? Even getting a list of most recent command line 'history' from different users would be helpful to see what they did in the last couple hours. I only need to know the big things:
- new software installs
- important files being changed
- new users/groups being made
Am I asking for too much from my system? If this doesn't exist I might just develop a tool to do it. In that case, which files should I be looking at to extract the information I want?
I bet there are a few packages in existence for this kind of thing. I suppose a 'tripwire' would even help to some extent. Or perhaps SELinux has some extra logging in it - anyway - this isn't an answer since I'm not sure. – James T Snell – 2011-07-04T15:21:48.567
Check out Unix Accounting. – Daniel Beck – 2011-07-04T15:25:12.070
UNIX accounting is very cool, thanks for the reference. – n0pe – 2011-07-04T15:33:19.097
Consider answering yourself with what/how you use accounting. I know very little about it besides that it exists, and how you use it in detail to achieve your goal would be interesting. – Daniel Beck – 2011-07-04T17:48:54.497
@Daniel Beck: Accounting seems to be what I'm looking for. If you'd post that as an answer I'll accept it. – n0pe – 2011-07-08T22:09:30.803
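For the "important files being changed" and "new users/groups" items in the question, a tripwire-style baseline and compare (the approach hinted at in the first comment) can be done with standard tools. This is an added example, not code from any poster in the thread; the function names and the paths in the usage comment are assumptions.

```shell
#!/usr/bin/env bash
# Added example: baseline a few important files, later report what changed.
# Usage (assumed paths):
#   make_baseline /etc/passwd /etc/group /etc/sudoers > /root/baseline.txt
#   compare_baseline /root/baseline.txt /etc/passwd /etc/group /etc/sudoers
#   recent_files /tmp 120

# Print "sha256  path" for every listed file that exists and is readable.
make_baseline() {
    for f in "$@"; do
        if [ -r "$f" ]; then
            sha256sum -- "$f"
        fi
    done
    return 0
}

# Compare the current files against a saved baseline.
# Prints one finding per line: CHANGED, MISSING or NEW, then the path.
compare_baseline() {
    baseline=$1
    shift
    for f in "$@"; do
        # Baseline lines are "hash", two spaces, "path"; fetch the old hash.
        old=$(p="$f" awk '{ h = $1; sub(/^[^ ]+  /, "") }
                          $0 == ENVIRON["p"] { print h; exit }' "$baseline")
        if [ ! -e "$f" ]; then
            if [ -n "$old" ]; then echo "MISSING $f"; fi
            continue
        fi
        new=$(sha256sum -- "$f" | awk '{ print $1 }')
        if [ -z "$old" ]; then
            echo "NEW $f"
        elif [ "$old" != "$new" ]; then
            echo "CHANGED $f"
        fi
    done
    return 0
}

# Regular files under a directory (e.g. /tmp) modified in the last N minutes.
recent_files() {
    find "$1" -xdev -type f -mmin "-$2" 2>/dev/null | sort
}
```

Keep the baseline file somewhere the accounts being audited cannot write to, otherwise a change can be hidden by regenerating it. File hashes show that something changed, not who changed it; the accounting mentioned in the comments covers that side.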