If all you want to do is provide some level of individual accountability
for users that sudo to root, you can modify root's shell's history file
processing to spin off separate history files based off "who am i" to some
arbitrary location like /var/log/sudohistory with timestamps added via
HISTTIMEFORMAT. Doesn't stop anybody from doing anything nefarious, but it
does answer the age-old question "Hey.. who updated this configuration
file?"


On Thu, Mar 13, 2014 at 6:32 PM, Shan, Rita <rita.s...@penfed.org> wrote:

> Could anyone kindly provide information on how we can monitor/log zLinux
> file updates by timestamp and by user ID? We have a number of staff
> maintaining the zLinux system, all with sudo privilege, and we need a way to
> track file updates by date/time/user-ID.
>
> Does AIDE provide this kind of detailed information? What kind of
> overhead will it generate if we turn it on? Is there an inexpensive
> vendor tool for this?
>
> Any help is greatly appreciated.
>
> Rita
>
>
>
> Email transmitted across the Internet is normally not protected and may be
> intercepted and viewed by others. Therefore, you should refrain from
> sending any confidential or private information via unsecured email to
> PenFed. We will not ask you to send confidential information to us via
> email, such as your logon ID, password, account numbers, or Social Security
> number. We prohibit our employees from sending confidential information to
> you via email that is not encrypted. The recommended document submission
> method is FAX; a partial list of generic fax numbers can be found here
> <https://www.penfed.org/aboutUs/contactUs.asp#fax>.
>
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> ----------------------------------------------------------------------
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>

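One way to set up the per-user root history described in the reply, as an added example that is not part of the original message. The function names, the `root-as-<login>.hist` file naming and the `who_ran` lookup helper are assumptions; only /var/log/sudohistory, "who am i" and HISTTIMEFORMAT come from the post.

```bash
# Added example for root's ~/.bashrc (bash). SUDOHIST_DIR and all function
# names are hypothetical; /var/log/sudohistory is the location from the post.
SUDOHIST_DIR="${SUDOHIST_DIR:-/var/log/sudohistory}"

# "who am i" reports the login that owns the terminal, which is still the
# original user after sudo/su. Fall back when the tty has no utmp entry.
real_login() {
    local u
    u=$(who am i 2>/dev/null | awk 'NR==1 {print $1}')
    [ -n "$u" ] || u=${SUDO_USER:-}
    [ -n "$u" ] || u=$(logname 2>/dev/null) || u=unknown
    printf '%s\n' "${u:-unknown}"
}

# Per-user history path; characters outside [A-Za-z0-9._-] become "_" so a
# login name can never add a path component.
history_path_for() {
    local safe
    safe=$(printf '%s' "$1" | tr -c 'A-Za-z0-9._-' '_')
    printf '%s/root-as-%s.hist\n' "$SUDOHIST_DIR" "$safe"
}

# Point root's history at the invoking user's file, with timestamps.
setup_sudo_history() {
    [ "$(id -u)" -eq 0 ] || return 0
    mkdir -p "$SUDOHIST_DIR" && chmod 700 "$SUDOHIST_DIR" || return 1
    HISTFILE=$(history_path_for "$(real_login)")
    HISTTIMEFORMAT='%F %T '
    HISTSIZE=10000 HISTFILESIZE=100000
    if [ -n "${BASH_VERSION:-}" ]; then
        shopt -s histappend          # append, never overwrite
        PROMPT_COMMAND='history -a'  # flush after every command
    fi
}

# "Who ran a command mentioning PATTERN?" With HISTTIMEFORMAT set, bash
# writes a "#<epoch>" line before each command in the history file.
who_ran() {
    local f user
    for f in "$SUDOHIST_DIR"/root-as-*.hist; do
        [ -f "$f" ] || continue
        user=${f##*/root-as-}; user=${user%.hist}
        awk -v u="$user" -v pat="$1" '
            /^#[0-9]+$/    { ts = substr($0, 2); next }
            index($0, pat) { print ts, u, $0 }' "$f"
    done
}

# History only exists for interactive shells.
case $- in *i*) setup_sudo_history ;; esac
```

Only interactive root shells are covered; a command run directly as `sudo cmd` never passes through root's shell history.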