Recalling what we discussed in the Namespaces chapter, an admin does well to monitor what the system's users do. We will install a tool for that.
Snoopy is designed to aid a sysadmin by providing a log of commands executed. Snoopy is completely transparent to the user and applications. It is linked into programs to provide a wrapper around calls to execve(). Logging is done via syslog. Source: https://github.com/renard/snoopy
The EPEL repository we enabled earlier contains distribution packages, so installation can be done through yum:
yum install snoopy
The installation process does not enable snoopy, however, so a little manual work is required:
nano /etc/ld.so.preload
/$LIB/snoopy.so // to be added to the file
Afterwards the box should be restarted. From now on, all user activity is logged to /var/log/secure.
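As an added example (not part of the original text or of the snoopy project), the manual edit above can be scripted so that it is safe to run repeatedly and can be verified afterwards. The function names and the "snoopy[" syslog tag used for the log check are assumptions of this example.

```shell
#!/bin/sh
# Added example: enable snoopy in an ld.so.preload-style file, idempotently.
# The entry must be written literally: $LIB is expanded by the dynamic
# loader at run time, not by the shell, hence the single quotes.
# (With double quotes the shell would write "//snoopy.so" instead.)
SNOOPY_ENTRY='/$LIB/snoopy.so'

# Return 0 if FILE already contains the entry as a whole line.
snoopy_is_enabled() {
    [ -f "$1" ] && grep -Fxq -- "$SNOOPY_ENTRY" "$1"
}

# Append the entry to FILE unless it is present; existing entries are kept.
snoopy_enable() {
    file=$1
    if snoopy_is_enabled "$file"; then
        return 0
    fi
    # If the file is non-empty and does not end in a newline, add one first,
    # otherwise the new entry would be glued onto the previous path.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file" || return 1
    fi
    printf '%s\n' "$SNOOPY_ENTRY" >> "$file"
}

# Print the number of lines in LOG carrying the "snoopy[" syslog tag
# (assumed tag name); prints 0 when there are none.
snoopy_log_count() {
    grep -c 'snoopy\[' "$1" || true
}

# Only touch the real system file when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    snoopy_enable /etc/ld.so.preload && snoopy_is_enabled /etc/ld.so.preload
fi
```

Run it as root with --apply to make the change; after the restart, snoopy_log_count /var/log/secure should report a growing number of entries.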