Re: SPAM: Linux file updates by timestamp and userid

2014-03-24 Thread Mark Post
>>> On 3/24/2014 at 10:59 AM, Jeffrey Kirby  wrote: 
> RCS is built 
> for it, and I believe it's in the default SLES install.

Dear $DIETY I hope not.  Nope, just looked.  The git-core package is, however, 
and would be a vastly superior choice.  Perhaps for the use case you're 
thinking of, however, puppet might be even better, since keeping configuration 
files as desired wouldn't depend on someone noticing they were out of whack.  
The detection would be automated as would the repair.  Now, using git on the 
puppet _server_ would make a lot of sense in that scenario as well.


Mark Post

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/


Re: SPAM: Linux file updates by timestamp and userid

2014-03-24 Thread Jeffrey Kirby
If you're looking for lightweight version control for configs on systems 
rather than audit data as others have given you pointers to, RCS is built 
for it, and I believe it's in the default SLES install.

jeff



From:    Berthold Gunreben
To:      LINUX-390@VM.MARIST.EDU
Date:    03/14/2014 04:26 AM
Subject: Re: SPAM: Linux file updates by timestamp and userid
Sent by: Linux on 390 Port



Hi Rita,

I don't know if that fits your need, but you could go a different path:

You could just set up a subversion server somewhere, where all users have
access. After updating a file in subversion, the production system only
has to do an update of the real file.

This would also prevent conflicts between different people over the file
update. An extra message log could also be tracked that way.

Berthold

On Thu, 13 Mar 2014 22:32:59 +
"Shan, Rita"  wrote:

> Could anyone kindly provide information on how we can monitor/log
> zLinux file updates by timestamp and by user ID? We have a number of
> staff maintaining zLinux system all with sudo privilege, we need to
> have a way to track file updates by date/time/user-ID.
> 
> Does AIDE provide this kind of detailed information? What
> kind of overhead will it generate if we turn it on? Is there an
> inexpensive vendor tool for this?
> 
> Any help is greatly appreciated
> 
> Rita
> 
> 
> 
> Email transmitted across the Internet is normally not protected and
> may be intercepted and viewed by others. Therefore, you should
> refrain from sending any confidential or private information via
> unsecured email to PenFed. We will not ask you to send confidential
> information to us via email, such as your logon ID, password, account
> numbers, or Social Security number. We prohibit our employees from
> sending confidential information to you via email that is not
> encrypted. The recommended document submission method is FAX; a
> partial list of generic fax numbers can be found here
> <https://www.penfed.org/aboutUs/contactUs.asp#fax>.



-- 
--
 Berthold Gunreben  Build Service Team
 http://www.suse.de/ Maxfeldstr. 5
 SUSE LINUX Products GmbH   D-90409 Nuernberg, Germany
 GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer
 HRB 16746 (AG Nürnberg)



Re: Linux file updates by timestamp and userid

2014-03-17 Thread Carsten Otte
How about this open source tool?
http://stackoverflow.com/questions/10527936/using-inotify-to-keep-track-of-all-files-in-a-system

with kind regards
Carsten Otte
System z firmware development / Boeblingen lab
---
Every revolution was first a thought in one man's mind;
and when the same thought occurs to another man, it is the key to that era.

 - Ralph Waldo Emerson, Essays: First Series, 1841



 "Shan, Rita"
Sent by: Linux on 390 Port
To: LINUX-390@vm.marist.edu
Date: 13.03.2014 23:32
Subject: Linux file updates by timestamp and userid
Please respond to: Linux on 390 Port

Could anyone kindly provide information on how we can monitor/log zLinux
file updates by timestamp and by user ID? We have a number of staff
maintaining zLinux system all with sudo privilege, we need to have a way to
track file updates by date/time/user-ID.

Does AIDE provide this kind of detailed information? What kind of
overhead will it generate if we turn it on? Is there an inexpensive
vendor tool for this?

Any help is greatly appreciated

Rita





Re: Linux file updates by timestamp and userid

2014-03-14 Thread Veencamp, Jonathon D.
I'd recommend looking at the Linux Audit Subsystem.  That is probably designed 
to give you what you want.   It will probably require careful thought to get it 
dialed in to tell you everything you want to know, but it's pretty mainstream.

Jon

-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Shan, Rita
Sent: Thursday, March 13, 2014 5:33 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Linux file updates by timestamp and userid

Could anyone kindly provide information on how we can monitor/log zLinux file 
updates by timestamp and by user ID? We have a number of staff maintaining 
zLinux system all with sudo privilege, we need to have a way to track file 
updates by date/time/user-ID.

Does AIDE provide this kind of detailed information? What kind of
overhead will it generate if we turn it on? Is there an inexpensive vendor
tool for this?

Any help is greatly appreciated

Rita






The information contained in this e-mail message is intended only for the 
personal and confidential use of the designated recipient(s) named above. This 
message may be an attorney-client or work product communication which is 
privileged and confidential. It may also contain protected health information 
that is protected by federal law. If you have received this communication in 
error, please notify us immediately by telephone and destroy (shred) the 
original message and all attachments. Any review, dissemination, distribution 
or copying of this message by any person other than the intended recipient(s) 
or their authorized agents is strictly prohibited. Thank you.



Re: Linux file updates by timestamp and userid

2014-03-14 Thread Veencamp, Jonathon D.
AIDE won't tell you who, or what exactly the change was, but you'll know a 
change took place.

This is kind of basic, but do you have something like this set in sudo?
Defaults syslog="auth", mailto="nslinuxsupp...@fedins.com", mail_always

We have a remote syslog server, so every sudo'd command is recorded somewhere 
else as well as mailed as it happened.  But unless you really tune sudo to 
limit certain commands, someone nefarious could still cover their tracks 
locally after getting root authority via sudo.  You'd still have the initial 
sudo commands logged remotely so you'd have a record of how they got started.

Jon

-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Leland 
Lucius
Sent: Thursday, March 13, 2014 7:35 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Linux file updates by timestamp and userid

On 3/13/2014 5:32 PM, Shan, Rita wrote:
> Could anyone kindly provide information on how we can monitor/log zLinux file 
> updates by timestamp and by user ID? We have a number of staff maintaining 
> zLinux system all with sudo privilege, we need to have a way to track file 
> updates by date/time/user-ID.
>
> Does AIDE provide this kind of detailed information? What kind of
> overhead will it generate if we turn it on? Is there an inexpensive vendor
> tool for this?
You can use the "audit" package for this.  Note that once the user sudos
to root, then root will be the one logged as modifying the file.
However, sudo usage is also logged, so you might be able to correlate
the two events somehow.

Leland



Re: Linux file updates by timestamp and userid

2014-03-14 Thread Jonathan Quay
If all you want to do is provide some level of individual accountability
for users that sudo to root, you can modify root's shell's history file
processing to spin off separate history files based off "who am i"  to some
arbitrary location like /var/log/sudohistory with timestamps added via
HISTTIMEFORMAT.  Doesn't stop anybody from doing anything nefarious, but it
does answer the age old question "Hey.. who updated this configuration
file?"


On Thu, Mar 13, 2014 at 6:32 PM, Shan, Rita  wrote:

> Could anyone kindly provide information on how we can monitor/log zLinux
> file updates by timestamp and by user ID? We have a number of staff
> maintaining zLinux system all with sudo privilege, we need to have a way to
> track file updates by date/time/user-ID.
>
> Does AIDE provide this kind of detailed information? What kind of
> overhead will it generate if we turn it on? Is there an inexpensive
> vendor tool for this?
>
> Any help is greatly appreciated
>
> Rita
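
Added example, not part of the thread and not the poster's own code: one way to set up the per-user root history described above, assuming it is sourced from root's bash startup file. The function names and the `root_history.<user>` file naming are made up here; `/var/log/sudohistory`, `who am i` and HISTTIMEFORMAT come from the post.

```bash
# Added example: per-admin history files for root shells (bash).
# Assumption: sourced from root's ~/.bashrc; directory name follows the post.
SUDOHIST_DIR=/var/log/sudohistory

# Login name behind this root shell: utmp entry first, then sudo's variable,
# then logname; "unknown" when there is no terminal and nothing else is set.
original_user() {
    u=$(who am i 2>/dev/null | awk '{print $1}')
    [ -n "$u" ] || u=${SUDO_USER:-}
    [ -n "$u" ] || u=$(logname 2>/dev/null || true)
    printf '%s\n' "${u:-unknown}"
}

# History file for a given login name. Everything except letters, digits,
# "_" and "-" is dropped so the value cannot point outside SUDOHIST_DIR.
sudo_history_file() {
    safe=$(printf '%s' "$1" | tr -cd 'A-Za-z0-9_-')
    printf '%s/root_history.%s\n' "$SUDOHIST_DIR" "${safe:-unknown}"
}

enable_sudo_history() {
    [ -n "${BASH_VERSION:-}" ] || return 0      # history settings are bash-only
    [ -d "$SUDOHIST_DIR" ] || { mkdir -p "$SUDOHIST_DIR" && chmod 700 "$SUDOHIST_DIR"; } || return 0
    HISTFILE=$(sudo_history_file "$(original_user)")
    HISTTIMEFORMAT='%F %T '                     # timestamp shown for each entry
    HISTSIZE=100000
    HISTFILESIZE=100000
    shopt -s histappend                         # append, never overwrite
    PROMPT_COMMAND='history -a'                 # flush after every command
    export HISTFILE HISTTIMEFORMAT
}

# In root's ~/.bashrc:  [ "$(id -u)" -eq 0 ] && enable_sudo_history
# Stand-alone run: show which file the current session would log to.
sudo_history_file "$(original_user)"
```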


Re: Linux file updates by timestamp and userid

2014-03-14 Thread Berthold Gunreben
Sorry, I should have removed the (automatic and wrong) SPAM from the
subject line. I hope it still helps...

Berthold

On Thu, 13 Mar 2014 22:32:59 +
"Shan, Rita"  wrote:

> Could anyone kindly provide information on how we can monitor/log
> zLinux file updates by timestamp and by user ID? We have a number of
> staff maintaining zLinux system all with sudo privilege, we need to
> have a way to track file updates by date/time/user-ID.
> 
> Does AIDE provide this kind of detailed information? What
> kind of overhead will it generate if we turn it on? Is there an
> inexpensive vendor tool for this?
> 
> Any help is greatly appreciated
> 
> Rita



-- 
--
 Berthold Gunreben  Build Service Team
 http://www.suse.de/ Maxfeldstr. 5
 SUSE LINUX Products GmbH   D-90409 Nuernberg, Germany
 GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer
 HRB 16746 (AG Nürnberg)



Re: SPAM: Linux file updates by timestamp and userid

2014-03-14 Thread Berthold Gunreben
Hi Rita,

I don't know if that fits your need, but you could go a different path:

You could just set up a subversion server somewhere, where all users have
access. After updating a file in subversion, the production system only
has to do an update of the real file.

This would also prevent conflicts between different people over the file
update. An extra message log could also be tracked that way.

Berthold

On Thu, 13 Mar 2014 22:32:59 +
"Shan, Rita"  wrote:

> Could anyone kindly provide information on how we can monitor/log
> zLinux file updates by timestamp and by user ID? We have a number of
> staff maintaining zLinux system all with sudo privilege, we need to
> have a way to track file updates by date/time/user-ID.
> 
> Does AIDE provide this kind of detailed information? What
> kind of overhead will it generate if we turn it on? Is there an
> inexpensive vendor tool for this?
> 
> Any help is greatly appreciated
> 
> Rita



-- 
--
 Berthold Gunreben  Build Service Team
 http://www.suse.de/ Maxfeldstr. 5
 SUSE LINUX Products GmbH   D-90409 Nuernberg, Germany
 GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer
 HRB 16746 (AG Nürnberg)



Re: Linux file updates by timestamp and userid

2014-03-13 Thread Leland Lucius

On 3/13/2014 5:32 PM, Shan, Rita wrote:

Could anyone kindly provide information on how we can monitor/log zLinux file 
updates by timestamp and by user ID? We have a number of staff maintaining 
zLinux system all with sudo privilege, we need to have a way to track file 
updates by date/time/user-ID.

Does AIDE provide this kind of detailed information? What kind of
overhead will it generate if we turn it on? Is there an inexpensive vendor
tool for this?

You can use the "audit" package for this.  Note that once the user sudos
to root, then root will be the one logged as modifying the file.
However, sudo usage is also logged, so you might be able to correlate
the two events somehow.

Leland
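
Added example, not part of the thread and not code from any poster: an audit record carries both the uid the syscall ran as and the login uid (auid), which is set at login and is not changed by sudo, so a watch rule plus a small parser attributes root's writes to a person. The watch rule, the key name `cfg-change` and the log lines are constructed for illustration, and pam_loginuid is assumed to be active for logins.

```bash
# Added example: attribute audited writes to the login user.
# Assumed watch rule, run as root (the key name cfg-change is made up):
#   auditctl -w /etc/hosts -p wa -k cfg-change
# `ausearch -k cfg-change -i` prints the same events with ids resolved to names.

# Constructed audit.log sample: three writes to /etc/hosts as uid=0 plus one
# unrelated event. auid 4294967295 means no login session (e.g. a daemon).
sample_audit_log() {
cat <<'EOF'
type=SYSCALL msg=audit(1394750001.120:501): arch=80000016 syscall=5 success=yes exit=3 items=1 pid=2210 auid=1001 uid=0 euid=0 tty=pts0 ses=12 comm="vim" exe="/usr/bin/vim" key="cfg-change"
type=PATH msg=audit(1394750001.120:501): item=0 name="/etc/hosts" inode=1234 mode=0100644 ouid=0 ogid=0
type=SYSCALL msg=audit(1394753600.004:777): arch=80000016 syscall=5 success=yes exit=3 items=1 pid=3310 auid=1002 uid=0 euid=0 tty=pts1 ses=15 comm="tee" exe="/usr/bin/tee" key="cfg-change"
type=PATH msg=audit(1394753600.004:777): item=0 name="/etc/hosts" inode=1234 mode=0100644 ouid=0 ogid=0
type=SYSCALL msg=audit(1394757200.500:912): arch=80000016 syscall=5 success=yes exit=3 items=1 pid=4410 auid=4294967295 uid=0 euid=0 tty=(none) ses=4294967295 comm="cp" exe="/usr/bin/cp" key="cfg-change"
type=PATH msg=audit(1394757200.500:912): item=0 name="/etc/hosts" inode=1234 mode=0100644 ouid=0 ogid=0
type=SYSCALL msg=audit(1394757300.000:913): arch=80000016 syscall=5 success=yes exit=3 items=1 pid=4500 auid=1001 uid=1001 euid=1001 tty=pts0 ses=12 comm="cat" exe="/usr/bin/cat" key="other-key"
type=PATH msg=audit(1394757300.000:913): item=0 name="/tmp/notes" inode=99 mode=0100644 ouid=1001 ogid=100
EOF
}

# Print "time auid=N uid=N exe=PROGRAM path=FILE" for every event tagged with
# key $1; the audit log is read from stdin.
audit_who_changed() {
    awk -v key="$1" '
    # Value of the name=value token on the current record, quotes stripped.
    function field(name,    i, v) {
        for (i = 1; i <= NF; i++)
            if (index($i, name "=") == 1) {
                v = substr($i, length(name) + 2)
                gsub(/"/, "", v)
                return v
            }
        return ""
    }
    {
        # msg=audit(EPOCH.MS:SERIAL): is shared by all records of one event.
        id = field("msg")
        sub(/^audit\(/, "", id)
        sub(/\):$/, "", id)
        split(id, part, ":")
        serial = part[2]
    }
    $1 == "type=SYSCALL" && field("key") == key {
        when[serial] = part[1]
        auid[serial] = field("auid")    # login uid: survives su and sudo
        uid[serial]  = field("uid")     # uid the syscall ran as (0 after sudo)
        exe[serial]  = field("exe")
        if (auid[serial] == "4294967295") auid[serial] = "unset"
        order[++n] = serial
    }
    $1 == "type=PATH" { path[serial] = field("name") }
    END {
        for (i = 1; i <= n; i++) {
            s = order[i]
            printf "%s auid=%s uid=%s exe=%s path=%s\n", when[s], auid[s], uid[s], exe[s], path[s]
        }
    }'
}

# One line per matching event in the constructed sample.
sample_audit_log | audit_who_changed cfg-change
```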



Linux file updates by timestamp and userid

2014-03-13 Thread Shan, Rita
Could anyone kindly provide information on how we can monitor/log zLinux file 
updates by timestamp and by user ID? We have a number of staff maintaining 
zLinux system all with sudo privilege, we need to have a way to track file 
updates by date/time/user-ID.

Does AIDE provide this kind of detailed information? What kind of
overhead will it generate if we turn it on? Is there an inexpensive vendor
tool for this?

Any help is greatly appreciated

Rita


